From c7c73d8a5da5d6c5f252efdc1e4c8b17bd6675e1 Mon Sep 17 00:00:00 2001 From: David Michael Date: Tue, 7 Nov 2017 17:37:09 -0500 Subject: [PATCH 1/8] sys-libs/glibc: Sync with Gentoo stable, to 2.25 --- .../coreos-overlay/sys-libs/glibc/Manifest | 4 +- .../files/2.10/glibc-2.10-gentoo-chk_fail.c | 315 --------------- ...c-2.10-hardened-configure-picdefault.patch | 30 -- ...ibc-2.10-hardened-inittls-nosysenter.patch | 274 ------------- .../files/2.17/glibc-2.17-hardened-pie.patch | 42 -- .../files/2.18/glibc-2.18-gentoo-chk_fail.c | 314 --------------- .../2.18/glibc-2.18-gentoo-stack_chk_fail.c | 322 --------------- ...ibc-2.18-hardened-inittls-nosysenter.patch | 277 ------------- ...c-2.19-hardened-configure-picdefault.patch | 30 -- ...ibc-2.20-hardened-inittls-nosysenter.patch | 306 -------------- .../2.23/glibc-2.23-binutils-update.patch | 57 --- .../files/2.23/glibc-2.23-c-utf8-locale.patch | 270 ------------- .../glibc-2.23-gshadow-handle-erange.patch | 114 ------ .../glibc-2.23-pthread-use-after-free.patch | 132 ------ .../files/2.24/glibc-2.24-c-utf8-locale.patch | 270 ------------- .../glibc-2.25-gentoo-chk_fail.c} | 4 + .../2.6/glibc-2.6-gentoo-stack_chk_fail.c | 321 --------------- .../sys-libs/glibc/files/eblits/common.eblit | 381 ------------------ .../glibc/files/eblits/pkg_postinst.eblit | 21 - .../glibc/files/eblits/pkg_preinst.eblit | 59 --- .../glibc/files/eblits/pkg_pretend.eblit | 137 ------- .../glibc/files/eblits/pkg_setup.eblit | 9 - .../glibc/files/eblits/src_compile.eblit | 35 -- .../glibc/files/eblits/src_configure.eblit | 282 ------------- .../glibc/files/eblits/src_install.eblit | 231 ----------- .../glibc/files/eblits/src_prepare.eblit | 65 --- .../glibc/files/eblits/src_test.eblit | 30 -- .../glibc/files/eblits/src_unpack.eblit | 121 ------ .../sys-libs/glibc/files/nscd-conf.tmpfiles | 2 - ...c-2.23-r6.ebuild => glibc-2.25-r11.ebuild} | 92 +---- .../sys-libs/glibc/metadata.xml | 3 +- 31 files changed, 27 insertions(+), 4523 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch rename sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/{2.20/glibc-2.20-gentoo-chk_fail.c => 2.25/glibc-2.25-gentoo-chk_fail.c} (99%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_setup.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_compile.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_configure.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles rename sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/{glibc-2.23-r6.ebuild => glibc-2.25-r11.ebuild} (63%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest index 5f5a1f1556..2647cc409e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest @@ -1,3 +1,3 @@ DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f -DIST glibc-2.23-patches-8.tar.bz2 304199 SHA256 6110777176abfb8d287d82804d98e007c255db6040a1beca589a212772c90482 SHA512 470814bbbd9d4ee5fa2dd7570a2e14b0229723e373e801472856fd6c2f089499eddc300f69b49af8ba0edbdca583ee3ca521fdb5c642509717cafea0ad925fd2 WHIRLPOOL 1ef9a431d67d7669f34f7db21185d50ddd6dc82c549a9ff274f0b98454417f4098ee771bfe10073be12d3c153ee46ff36e40b46ecb31844ab09791ae29b49074 -DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa9b078b6fad758e187ce13e9 SHA512 b82953388cd028e174cb08f082557bbce0dad8b67b17d31b29f90102fd52a51e03d591448ecb64882a1c1d5303afffc7f6ede85cee4c784a9284fbc9b4ad26cf WHIRLPOOL 7c7e3bf55a89a04bac917b9ca5a1cbb1613f22c427d2766f114b5a36f9635856005b823852ef5d3b73462b577fe4e5865e68e7b64633d48a95fa1e5eaa831a71 +DIST glibc-2.25-patches-15.tar.bz2 78320 SHA256 63667d2c27d5aa540d5a9c4d8774b169933553a5cc57ff44d1c9ebbe099dc030 SHA512 7204218ea82b677e0f278c4752ddb90aa0c08ac2349d061de81ec91dac204b0f10fe223d7b1055b9e0c21dac97c835f913a90c0168a5000d3be00dd20027c185 WHIRLPOOL 21af5b2efb036d4f7290f75b23f6d2cb79f91178c3374a007fde888060c9c94306e4165cf07077cce9390c0d7b9980a2b5291a32f7b6b56895294df6975ba6d9 +DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c deleted file mode 100644 index 37711e8aac..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c +++ /dev/null @@ -1,315 +0,0 @@ -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2008 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP and FORTIFY handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP and FORTIFY handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - * Magnus Granberg - */ - -#include -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif - -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - -/* Common handler code, used by chk_fail - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": buffer overflow attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** buffer overflow detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __chk_fail(void) -{ - __hardened_gentoo_chk_fail(NULL, 0); -} - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch deleted file mode 100644 index e75ccc788c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn -Fixed for glibc 2.10 by Magnus Granberg - ---- configure.in -+++ configure.in -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch deleted file mode 100644 index cb6d8e3c78..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,274 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -129,6 +130,11 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - - #ifdef SHARED -@@ -29,6 +30,9 @@ - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -141,14 +145,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch deleted file mode 100644 index da4fb82539..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch +++ /dev/null @@ -1,42 +0,0 @@ -2012-11-11 Magnus Granberg - - #442712 - * Makeconfig (+link): Set to +link-pie. - (+link-static-before-libc): Change $(static-start-installed-name) to - S$(static-start-installed-name). - (+prector): Set to +prectorS. - (+postctor): Set to +postctorS. - ---- libc/Makeconfig -+++ libc/Makeconfig -@@ -447,11 +447,12 @@ - $(common-objpfx)libc% $(+postinit),$^) \ - $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) - endif -++link = $(+link-pie) - # Command for statically linking programs with the C library. - ifndef +link-static - +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ - $(+preinit) $(+prectorT) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -549,11 +550,10 @@ - ifeq ($(elf),yes) - +preinit = $(addprefix $(csu-objpfx),crti.o) - +postinit = $(addprefix $(csu-objpfx),crtn.o) --+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` --+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` --# Variants of the two previous definitions for linking PIE programs. - +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` - +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` -++prector = $(+prectorS) -++postctor = $(+postctorS) - # Variants of the two previous definitions for statically linking programs. - +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o` - +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` - +interp = $(addprefix $(elf-objpfx),interp.os) - endif - csu-objpfx = $(common-objpfx)csu/ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c deleted file mode 100644 index c1934362f6..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c +++ /dev/null @@ -1,314 +0,0 @@ -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2013 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP and FORTIFY handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP and FORTIFY handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - * Magnus Granberg - */ - -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif - -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - -/* Common handler code, used by chk_fail - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": buffer overflow attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** buffer overflow detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __chk_fail(void) -{ - __hardened_gentoo_chk_fail(NULL, 0); -} - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c deleted file mode 100644 index 9535c21578..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c +++ /dev/null @@ -1,322 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2013 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * Fixed to support glibc-2.18 by Magnus Granberg - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - */ - -#include -#include -#include -#include - -#include - -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_stack_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": stack smashing attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** stack smashing detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __stack_chk_fail(void) -{ - __hardened_gentoo_stack_chk_fail(NULL, 0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -__attribute__ ((__noreturn__)) -void __stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func, damaged); -} -#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch deleted file mode 100644 index 8907ab2c6a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,277 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg -Fixed for 2.18 by Magnus Granberg - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char - GL(dl_phnum) = __ehdr_start.e_phnum; - } - } -- -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -22,14 +22,17 @@ - #include - #include - #include -- -+#include - - #ifdef SHARED - #error makefile bug, this file is for static only - #endif - --dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - -+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; - - static struct - { -@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+#endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+#endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,29 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void * newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch deleted file mode 100644 index 341d8c5028..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn -Fixed for glibc 2.19 by Magnus Granberg - ---- configure.ac -+++ configure.ac -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch deleted file mode 100644 index 35eabe9401..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,306 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_PRE_TLS is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_PRE_TLS is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg -Fixed for 2.18 by Magnus Granberg -Fixed for 2.20 by Francisco Blas Izquierdo Riera - ---- a/csu/libc-start.c -+++ b/csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char - } - } - -+# ifdef INTERNAL_SYSCALL_PRE_TLS -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_PRE_TLS - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- a/csu/libc-tls.c -+++ b/csu/libc-tls.c -@@ -22,12 +22,17 @@ - #include - #include - #include -+#include - - - #ifdef SHARED - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif -+ - dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; - - -@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+# define __sbrk __sbrk_nosysenter -+#endif - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV - is defined add another #elif here and in the following #ifs. */ - # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" - #endif -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+# undef __sbrk -+#endif - - /* Align the TLS block. */ - tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) ---- a/misc/sbrk.c -+++ b/misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used via -+ dynamic loading in a statically linked program update __curbrk from the -+ kernel's brk value. That way two separate instances of __brk and __sbrk -+ can share the heap, returning interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif -+ - void * - __sbrk (intptr_t increment) - { ---- a/sysdeps/unix/sysv/linux/i386/brk.c -+++ b/sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif -+ - int - __brk (void *addr) - { ---- a/sysdeps/unix/sysv/linux/i386/sysdep.h -+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# ifdef __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# ifdef __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && defined __PIC__ - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +494,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && defined __PIC__ - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" ---- a/sysdeps/i386/nptl/tls.h -+++ b/sysdeps/i386/nptl/tls.h -@@ -189,6 +189,15 @@ - desc->vals[3] = 0x51; - } - -+/* We have no sysenter until the tls is initialized which is a -+ problem for PIC. Thus we need to do the right call depending -+ on the situation. */ -+#ifndef INTERNAL_SYSCALL_PRE_TLS -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL -+#else -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS -+#endif -+ - /* Code to initially initialize the thread pointer. This might need - special attention since 'errno' is not yet available and if the - operation can cause a failure 'errno' must not be touched. */ -@@ -209,7 +218,7 @@ - \ - /* Install the TLS. */ \ - INTERNAL_SYSCALL_DECL (err); \ -- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ -+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ - \ - if (_result == 0) \ - /* We know the index in the GDT, now load the segment register. \ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch deleted file mode 100644 index c955b37ac5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 388b4f1a02f3a801965028bbfcd48d905638b797 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Fri, 23 Jun 2017 14:38:46 -0700 -Subject: [PATCH] Avoid .symver on common symbols [BZ #21666] - -The .symver directive on common symbol just creates a new common symbol, -not an alias and the newer assembler with the bug fix for - -https://sourceware.org/bugzilla/show_bug.cgi?id=21661 - -will issue an error. Before the fix, we got - -$ readelf -sW libc.so | grep "loc[12s]" - 5109: 00000000003a0608 8 OBJECT LOCAL DEFAULT 36 loc1 - 5188: 00000000003a0610 8 OBJECT LOCAL DEFAULT 36 loc2 - 5455: 00000000003a0618 8 OBJECT LOCAL DEFAULT 36 locs - 6575: 00000000003a05f0 8 OBJECT GLOBAL DEFAULT 36 locs@GLIBC_2.2.5 - 7156: 00000000003a05f8 8 OBJECT GLOBAL DEFAULT 36 loc1@GLIBC_2.2.5 - 7312: 00000000003a0600 8 OBJECT GLOBAL DEFAULT 36 loc2@GLIBC_2.2.5 - -in libc.so. The versioned loc1, loc2 and locs have the wrong addresses. -After the fix, we got - -$ readelf -sW libc.so | grep "loc[12s]" - 6570: 000000000039e3b8 8 OBJECT GLOBAL DEFAULT 34 locs@GLIBC_2.2.5 - 7151: 000000000039e3c8 8 OBJECT GLOBAL DEFAULT 34 loc1@GLIBC_2.2.5 - 7307: 000000000039e3c0 8 OBJECT GLOBAL DEFAULT 34 loc2@GLIBC_2.2.5 - - [BZ #21666] - * misc/regexp.c (loc1): Add __attribute__ ((nocommon)); - (loc2): Likewise. - (locs): Likewise. ---- -diff --git a/misc/regexp.c b/misc/regexp.c -index 19d76c0..eaea7c3 100644 ---- a/misc/regexp.c -+++ b/misc/regexp.c -@@ -29,14 +29,15 @@ - - #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_23) - --/* Define the variables used for the interface. */ --char *loc1; --char *loc2; -+/* Define the variables used for the interface. Avoid .symver on common -+ symbol, which just creates a new common symbol, not an alias. */ -+char *loc1 __attribute__ ((nocommon)); -+char *loc2 __attribute__ ((nocommon)); - compat_symbol (libc, loc1, loc1, GLIBC_2_0); - compat_symbol (libc, loc2, loc2, GLIBC_2_0); - - /* Although we do not support the use we define this variable as well. */ --char *locs; -+char *locs __attribute__ ((nocommon)); - compat_symbol (libc, locs, locs, GLIBC_2_0); - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch deleted file mode 100644 index f5da4192e0..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 -From: Mike FABIAN -Date: Mon, 10 Aug 2015 15:58:12 +0200 -Subject: [PATCH] Add a C.UTF-8 locale - ---- - localedata/SUPPORTED | 1 + - localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 239 insertions(+) - create mode 100644 localedata/locales/C - -diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED -index 8ca023e..2a78391 100644 ---- a/localedata/SUPPORTED -+++ b/localedata/SUPPORTED -@@ -1,6 +1,7 @@ - # This file names the currently supported and somewhat tested locales. - # If you have any additions please file a glibc bug report. - SUPPORTED-LOCALES=\ -+C.UTF-8/UTF-8 \ - aa_DJ.UTF-8/UTF-8 \ - aa_DJ/ISO-8859-1 \ - aa_ER/UTF-8 \ -diff --git a/localedata/locales/C b/localedata/locales/C -new file mode 100644 -index 0000000..fdf460e ---- /dev/null -+++ b/localedata/locales/C -@@ -0,0 +1,238 @@ -+escape_char / -+comment_char % -+% Locale for C locale in UTF-8 -+ -+LC_IDENTIFICATION -+title "C locale" -+source "" -+address "" -+contact "" -+email "mfabian@redhat.com" -+tel "" -+fax "" -+language "C" -+territory "" -+revision "1.0" -+date "2015-08-10" -+% -+category "C:2015";LC_IDENTIFICATION -+category "C:2015";LC_CTYPE -+category "C:2015";LC_COLLATE -+category "C:2015";LC_TIME -+category "C:2015";LC_NUMERIC -+category "C:2015";LC_MONETARY -+category "C:2015";LC_MESSAGES -+category "C:2015";LC_PAPER -+category "C:2015";LC_NAME -+category "C:2015";LC_ADDRESS -+category "C:2015";LC_TELEPHONE -+category "C:2015";LC_MEASUREMENT -+END LC_IDENTIFICATION -+ -+LC_CTYPE -+copy "i18n" -+ -+translit_start -+include "translit_combining";"" -+translit_end -+ -+END LC_CTYPE -+ -+LC_COLLATE -+order_start forward -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+UNDEFINED -+order_end -+END LC_COLLATE -+ -+LC_MONETARY -+% This is the 14652 i18n fdcc-set definition for -+% the LC_MONETARY category -+% (except for the int_curr_symbol and currency_symbol, they are empty in -+% the 14652 i18n fdcc-set definition and also empty in -+% glibc/locale/C-monetary.c. But localedef complains in that case). -+% -+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? -+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) -+int_curr_symbol "" -+% Using "$" for currency_symbol. But maybe would be better? -+% U+00A4 is the "generic currency symbol" -+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) -+currency_symbol "" -+mon_decimal_point "" -+mon_thousands_sep "" -+mon_grouping -1 -+positive_sign "" -+negative_sign "" -+int_frac_digits -1 -+frac_digits -1 -+p_cs_precedes -1 -+int_p_sep_by_space -1 -+p_sep_by_space -1 -+n_cs_precedes -1 -+int_n_sep_by_space -1 -+n_sep_by_space -1 -+p_sign_posn -1 -+n_sign_posn -1 -+% -+END LC_MONETARY -+ -+LC_NUMERIC -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+decimal_point "" -+thousands_sep "" -+grouping -1 -+END LC_NUMERIC -+ -+LC_TIME -+% This is the POSIX Locale definition for -+% the LC_TIME category. -+% -+% Abbreviated weekday names (%a) -+abday "";"";/ -+ "";"";/ -+ "";"";/ -+ "" -+ -+% Full weekday names (%A) -+day "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Abbreviated month names (%b) -+abmon "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"" -+ -+% Full month names (%B) -+mon "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Week description, consists of three fields: -+% 1. Number of days in a week. -+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). -+% 3. The weekday number to be contained in the first week of the year. -+% -+% ISO 8601 conforming applications should use the values 7, 19971201 (a -+% Monday), and 4 (Thursday), respectively. -+week 7;19971201;4 -+first_weekday 1 -+first_workday 1 -+ -+% Appropriate date and time representation (%c) -+% "%a %b %e %H:%M:%S %Y" -+d_t_fmt "" -+ -+% Appropriate date representation (%x) -+% "%m/%d/%y" -+d_fmt "" -+ -+% Appropriate time representation (%X) -+% "%H:%M:%S" -+t_fmt "" -+ -+% Appropriate AM/PM time representation (%r) -+% "%I:%M:%S %p" -+t_fmt_ampm "" -+ -+% Equivalent of AM/PM (%p) "AM"/"PM" -+% -+am_pm "";"" -+ -+% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" -+date_fmt "" -+END LC_TIME -+ -+LC_MESSAGES -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+yesexpr "" -+noexpr "" -+yesstr "" -+nostr "" -+END LC_MESSAGES -+ -+LC_PAPER -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_PAPER category. -+% (A4 paper, this is also used in the built in C/POSIX -+% locale in glibc/locale/C-paper.c) -+height 297 -+width 210 -+END LC_PAPER -+ -+LC_NAME -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_NAME category. -+% "%p%t%g%t%m%t%f" -+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c) -+name_fmt "/ -+" -+END LC_NAME -+ -+LC_ADDRESS -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_ADDRESS category. -+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N" -+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c) -+postal_fmt "/ -+/ -+/ -+/ -+" -+END LC_ADDRESS -+ -+LC_TELEPHONE -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_TELEPHONE category. -+% "+%c %a %l" -+tel_int_fmt "/ -+" -+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c) -+END LC_TELEPHONE -+ -+LC_MEASUREMENT -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_MEASUREMENT category. -+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c) -+%metric -+measurement 1 -+END LC_MEASUREMENT -+ --- -2.4.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch deleted file mode 100644 index d223e9f088..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 74250a7cdf106d4ca7d9506e6d5dc7c448dc3434 Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Thu, 15 Dec 2016 15:22:57 -0800 -Subject: [PATCH] gshadow: Sync fgetsgent_r.c with grp/fgetgrent_r.c - - [BZ #20338] - * gshadow/fgetsgent_r.c: Include . - (flockfile): New macro. - (funlockfile): Likewise. - (__fgetsgent_r): Sync with __fgetgrent_r. - * nss/nss_files/files-sgrp.c: Fix "fgetsgent_r.c" typo. ---- - gshadow/fgetsgent_r.c | 35 ++++++++++++++++++++++++----------- - nss/nss_files/files-sgrp.c | 2 +- - 2 files changed, 25 insertions(+), 12 deletions(-) - -diff --git a/gshadow/fgetsgent_r.c b/gshadow/fgetsgent_r.c -index b70f6fa..02cd33a 100644 ---- a/gshadow/fgetsgent_r.c -+++ b/gshadow/fgetsgent_r.c -@@ -20,39 +20,44 @@ - #include - #include - -+#include -+#define flockfile(s) _IO_flockfile (s) -+#define funlockfile(s) _IO_funlockfile (s) -+ - /* Define a line parsing function using the common code - used in the nss_files module. */ - - #define STRUCTURE sgrp - #define ENTNAME sgent --#define EXTERN_PARSER 1 -+#define EXTERN_PARSER 1 - struct sgent_data {}; - - #include - - --/* Read one shadow entry from the given stream. */ -+/* Read one entry from the given stream. */ - int - __fgetsgent_r (FILE *stream, struct sgrp *resbuf, char *buffer, size_t buflen, - struct sgrp **result) - { - char *p; -+ int parse_result; - -- _IO_flockfile (stream); -+ flockfile (stream); - do - { - buffer[buflen - 1] = '\xff'; - p = fgets_unlocked (buffer, buflen, stream); -- if (p == NULL && feof_unlocked (stream)) -+ if (__builtin_expect (p == NULL, 0) && feof_unlocked (stream)) - { -- _IO_funlockfile (stream); -+ funlockfile (stream); - *result = NULL; - __set_errno (ENOENT); - return errno; - } -- if (p == NULL || buffer[buflen - 1] != '\xff') -+ if (__builtin_expect (p == NULL, 0) || buffer[buflen - 1] != '\xff') - { -- _IO_funlockfile (stream); -+ funlockfile (stream); - *result = NULL; - __set_errno (ERANGE); - return errno; -@@ -61,13 +66,21 @@ __fgetsgent_r (FILE *stream, struct sgrp *resbuf, char *buffer, size_t buflen, - /* Skip leading blanks. */ - while (isspace (*p)) - ++p; -- } while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ -+ } while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */ - /* Parse the line. If it is invalid, loop to - get the next line of the file to parse. */ -- ! parse_line (buffer, (void *) resbuf, (void *) buffer, buflen, -- &errno)); -+ || ! (parse_result = parse_line (p, resbuf, -+ (void *) buffer, buflen, -+ &errno))); -+ -+ funlockfile (stream); - -- _IO_funlockfile (stream); -+ if (__builtin_expect (parse_result, 0) == -1) -+ { -+ /* The parser ran out of space. */ -+ *result = NULL; -+ return errno; -+ } - - *result = resbuf; - return 0; -diff --git a/nss/nss_files/files-sgrp.c b/nss/nss_files/files-sgrp.c -index 15dc659..05c3805 100644 ---- a/nss/nss_files/files-sgrp.c -+++ b/nss/nss_files/files-sgrp.c -@@ -23,7 +23,7 @@ - #define DATABASE "gshadow" - struct sgent_data {}; - --/* Our parser function is already defined in sgetspent_r.c, so use that -+/* Our parser function is already defined in sgetsgent_r.c, so use that - to parse lines from the database file. */ - #define EXTERN_PARSER - #include "files-parse.c" --- -2.7.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch deleted file mode 100644 index c9734c0a15..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch +++ /dev/null @@ -1,132 +0,0 @@ -diff -Naur glibc-2.22_orig/nptl/createthread.c glibc-2.22/nptl/createthread.c ---- glibc-2.22_orig/nptl/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/nptl/createthread.c 2016-09-28 11:27:50.831206703 -0700 -@@ -25,13 +25,13 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - /* If the implementation needs to do some tweaks to the thread after - it has been created at the OS level, it can set STOPPED_START here. */ - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -diff -Naur glibc-2.22_orig/nptl/pthread_create.c glibc-2.22/nptl/pthread_create.c ---- glibc-2.22_orig/nptl/pthread_create.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/nptl/pthread_create.c 2016-09-28 11:31:20.839209223 -0700 -@@ -72,7 +72,7 @@ - case it is responsible for doing its own cleanup. */ - - static int create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, -+ bool *stopped_start, STACK_VARIABLES_PARMS, - bool *thread_ran); - - #include -@@ -633,14 +633,16 @@ - that cares whether the thread count is correct. */ - atomic_increment (&__nptl_nthreads); - -+ bool stopped_start = false; - bool thread_ran = false; - - /* Start the thread. */ - if (__glibc_unlikely (report_thread_creation (pd))) - { -+ stopped_start = true; - /* Create the thread. We always create the thread stopped - so that it does not get far before we tell the debugger. */ -- retval = create_thread (pd, iattr, true, STACK_VARIABLES_ARGS, -+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS, - &thread_ran); - if (retval == 0) - { -@@ -667,7 +669,7 @@ - } - } - else -- retval = create_thread (pd, iattr, false, STACK_VARIABLES_ARGS, -+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS, - &thread_ran); - - if (__glibc_unlikely (retval != 0)) -@@ -701,7 +703,8 @@ - } - else - { -- if (pd->stopped_start) -+ /* do not use pd->stopped_start to avoid use after free */ -+ if (stopped_start) - /* The thread blocked on this lock either because we're doing TD_CREATE - event reporting, or for some other reason that create_thread chose. - Now let it run free. */ -diff -Naur glibc-2.22_orig/sysdeps/nacl/createthread.c glibc-2.22/sysdeps/nacl/createthread.c ---- glibc-2.22_orig/sysdeps/nacl/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/sysdeps/nacl/createthread.c 2016-09-28 11:27:34.983206513 -0700 -@@ -32,12 +32,12 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - pd->tid = __nacl_get_tid (pd); - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -diff -Naur glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c glibc-2.22/sysdeps/unix/sysv/linux/createthread.c ---- glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/sysdeps/unix/sysv/linux/createthread.c 2016-09-28 11:27:18.275206312 -0700 -@@ -46,7 +46,7 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - /* Determine whether the newly created threads has to be started - stopped since we have to set the scheduling parameters or set the -@@ -54,10 +54,10 @@ - if (attr != NULL - && (__glibc_unlikely (attr->cpuset != NULL) - || __glibc_unlikely ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0))) -- stopped_start = true; -+ *stopped_start = true; - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -@@ -117,7 +117,7 @@ - /* Set the affinity mask if necessary. */ - if (attr->cpuset != NULL) - { -- assert (stopped_start); -+ assert (*stopped_start); - - res = INTERNAL_SYSCALL (sched_setaffinity, err, 3, pd->tid, - attr->cpusetsize, attr->cpuset); -@@ -140,7 +140,7 @@ - /* Set the scheduling parameters. */ - if ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0) - { -- assert (stopped_start); -+ assert (*stopped_start); - - res = INTERNAL_SYSCALL (sched_setscheduler, err, 3, pd->tid, - pd->schedpolicy, &pd->schedparam); diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch deleted file mode 100644 index 7fabf303f1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 -From: Mike FABIAN -Date: Mon, 10 Aug 2015 15:58:12 +0200 -Subject: [PATCH] Add a C.UTF-8 locale - ---- - localedata/SUPPORTED | 1 + - localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 239 insertions(+) - create mode 100644 localedata/locales/C - -diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED -index 8ca023e..2a78391 100644 ---- a/localedata/SUPPORTED -+++ b/localedata/SUPPORTED -@@ -1,6 +1,7 @@ - # This file names the currently supported and somewhat tested locales. - # If you have any additions please file a glibc bug report. - SUPPORTED-LOCALES=\ -+C.UTF-8/UTF-8 \ - aa_DJ.UTF-8/UTF-8 \ - aa_DJ/ISO-8859-1 \ - aa_ER/UTF-8 \ -diff --git a/localedata/locales/C b/localedata/locales/C -new file mode 100644 -index 0000000..fdf460e ---- /dev/null -+++ b/localedata/locales/C -@@ -0,0 +1,238 @@ -+escape_char / -+comment_char % -+% Locale for C locale in UTF-8 -+ -+LC_IDENTIFICATION -+title "C locale" -+source "" -+address "" -+contact "" -+email "mfabian@redhat.com" -+tel "" -+fax "" -+language "C" -+territory "" -+revision "1.0" -+date "2015-08-10" -+% -+category "i18n:2012";LC_IDENTIFICATION -+category "i18n:2012";LC_CTYPE -+category "i18n:2012";LC_COLLATE -+category "i18n:2012";LC_TIME -+category "i18n:2012";LC_NUMERIC -+category "i18n:2012";LC_MONETARY -+category "i18n:2012";LC_MESSAGES -+category "i18n:2012";LC_PAPER -+category "i18n:2012";LC_NAME -+category "i18n:2012";LC_ADDRESS -+category "i18n:2012";LC_TELEPHONE -+category "i18n:2012";LC_MEASUREMENT -+END LC_IDENTIFICATION -+ -+LC_CTYPE -+copy "i18n" -+ -+translit_start -+include "translit_combining";"" -+translit_end -+ -+END LC_CTYPE -+ -+LC_COLLATE -+order_start forward -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+UNDEFINED -+order_end -+END LC_COLLATE -+ -+LC_MONETARY -+% This is the 14652 i18n fdcc-set definition for -+% the LC_MONETARY category -+% (except for the int_curr_symbol and currency_symbol, they are empty in -+% the 14652 i18n fdcc-set definition and also empty in -+% glibc/locale/C-monetary.c. But localedef complains in that case). -+% -+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? -+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) -+int_curr_symbol "" -+% Using "$" for currency_symbol. But maybe would be better? -+% U+00A4 is the "generic currency symbol" -+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) -+currency_symbol "" -+mon_decimal_point "" -+mon_thousands_sep "" -+mon_grouping -1 -+positive_sign "" -+negative_sign "" -+int_frac_digits -1 -+frac_digits -1 -+p_cs_precedes -1 -+int_p_sep_by_space -1 -+p_sep_by_space -1 -+n_cs_precedes -1 -+int_n_sep_by_space -1 -+n_sep_by_space -1 -+p_sign_posn -1 -+n_sign_posn -1 -+% -+END LC_MONETARY -+ -+LC_NUMERIC -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+decimal_point "" -+thousands_sep "" -+grouping -1 -+END LC_NUMERIC -+ -+LC_TIME -+% This is the POSIX Locale definition for -+% the LC_TIME category. -+% -+% Abbreviated weekday names (%a) -+abday "";"";/ -+ "";"";/ -+ "";"";/ -+ "" -+ -+% Full weekday names (%A) -+day "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Abbreviated month names (%b) -+abmon "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"" -+ -+% Full month names (%B) -+mon "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Week description, consists of three fields: -+% 1. Number of days in a week. -+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). -+% 3. The weekday number to be contained in the first week of the year. -+% -+% ISO 8601 conforming applications should use the values 7, 19971201 (a -+% Monday), and 4 (Thursday), respectively. -+week 7;19971201;4 -+first_weekday 1 -+first_workday 1 -+ -+% Appropriate date and time representation (%c) -+% "%a %b %e %H:%M:%S %Y" -+d_t_fmt "" -+ -+% Appropriate date representation (%x) -+% "%m/%d/%y" -+d_fmt "" -+ -+% Appropriate time representation (%X) -+% "%H:%M:%S" -+t_fmt "" -+ -+% Appropriate AM/PM time representation (%r) -+% "%I:%M:%S %p" -+t_fmt_ampm "" -+ -+% Equivalent of AM/PM (%p) "AM"/"PM" -+% -+am_pm "";"" -+ -+% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" -+date_fmt "" -+END LC_TIME -+ -+LC_MESSAGES -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+yesexpr "" -+noexpr "" -+yesstr "" -+nostr "" -+END LC_MESSAGES -+ -+LC_PAPER -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_PAPER category. -+% (A4 paper, this is also used in the built in C/POSIX -+% locale in glibc/locale/C-paper.c) -+height 297 -+width 210 -+END LC_PAPER -+ -+LC_NAME -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_NAME category. -+% "%p%t%g%t%m%t%f" -+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c) -+name_fmt "/ -+" -+END LC_NAME -+ -+LC_ADDRESS -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_ADDRESS category. -+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N" -+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c) -+postal_fmt "/ -+/ -+/ -+/ -+" -+END LC_ADDRESS -+ -+LC_TELEPHONE -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_TELEPHONE category. -+% "+%c %a %l" -+tel_int_fmt "/ -+" -+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c) -+END LC_TELEPHONE -+ -+LC_MEASUREMENT -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_MEASUREMENT category. -+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c) -+%metric -+measurement 1 -+END LC_MEASUREMENT -+ --- -2.4.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c similarity index 99% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c index a8ab9d8a3e..2ef96b75ea 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c @@ -297,3 +297,7 @@ void __chk_fail(void) { __hardened_gentoo_fail(); } + +#ifdef GENTOO_SSP_HANDLER +strong_alias (__stack_chk_fail, __stack_chk_fail_local) +#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c deleted file mode 100644 index 217bf1a907..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c +++ /dev/null @@ -1,321 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2007 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - */ - -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_stack_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": stack smashing attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** stack smashing detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __stack_chk_fail(void) -{ - __hardened_gentoo_stack_chk_fail(NULL, 0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -__attribute__ ((__noreturn__)) -void __stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func, damaged); -} -#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit deleted file mode 100644 index 370782b4b4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit +++ /dev/null @@ -1,381 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -alt_prefix() { - is_crosscompile && echo /usr/${CTARGET} -} - -if [[ ${EAPI:-0} == [012] ]] ; then - : ${ED:=${D}} - : ${EROOT:=${ROOT}} -fi -# This indirection is for binpkgs. #523332 -_nonfatal() { nonfatal "$@" ; } -if [[ ${EAPI:-0} == [0123] ]] ; then - nonfatal() { "$@" ; } - _nonfatal() { "$@" ; } -fi - -# We need to be able to set alternative headers for -# compiling for non-native platform -# Will also become useful for testing kernel-headers without screwing up -# the whole system. -# note: intentionally undocumented. -alt_headers() { - echo ${ALT_HEADERS:=$(alt_prefix)/usr/include} -} -alt_build_headers() { - if [[ -z ${ALT_BUILD_HEADERS} ]] ; then - ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)" - if tc-is-cross-compiler ; then - ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers) - if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then - local header_path=$(echo '#include ' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h') - ALT_BUILD_HEADERS=${header_path%/linux/version.h} - fi - fi - fi - echo "${ALT_BUILD_HEADERS}" -} - -alt_libdir() { - echo $(alt_prefix)/$(get_libdir) -} -alt_usrlibdir() { - echo $(alt_prefix)/usr/$(get_libdir) -} - -builddir() { - echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1" -} - -setup_target_flags() { - # This largely mucks with compiler flags. None of which should matter - # when building up just the headers. - just_headers && return 0 - - case $(tc-arch) in - x86) - # -march needed for #185404 #199334 - # TODO: When creating the first glibc cross-compile, this test will - # always fail as it does a full link which in turn requires glibc. - # Probably also applies when changing multilib profile settings (e.g. - # enabling x86 when the profile was amd64-only previously). - # We could change main to _start and pass -nostdlib here so that we - # only test the gcc code compilation. Or we could do a compile and - # then look for the symbol via scanelf. - if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then - local t=${CTARGET_OPT:-${CTARGET}} - t=${t%%-*} - filter-flags '-march=*' - export CFLAGS="-march=${t} ${CFLAGS}" - einfo "Auto adding -march=${t} to CFLAGS #185404" - fi - ;; - amd64) - # -march needed for #185404 #199334 - # Note: This test only matters when the x86 ABI is enabled, so we could - # optimize a bit and elide it. - # TODO: See cross-compile issues listed above for x86. - if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then - local t=${CTARGET_OPT:-${CTARGET}} - t=${t%%-*} - # Normally the target is x86_64-xxx, so turn that into the -march that - # gcc actually accepts. #528708 - [[ ${t} == "x86_64" ]] && t="x86-64" - filter-flags '-march=*' - # ugly, ugly, ugly. ugly. - CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}") - export CFLAGS_x86="${CFLAGS_x86} -march=${t}" - einfo "Auto adding -march=${t} to CFLAGS_x86 #185404" - fi - ;; - mips) - # The mips abi cannot support the GNU style hashes. #233233 - filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both - ;; - ppc) - append-flags "-freorder-blocks" - ;; - sparc) - # Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though. - filter-flags "-fcall-used-g7" - append-flags "-fcall-used-g6" - - # If the CHOST is the basic one (e.g. not sparcv9-xxx already), - # try to pick a better one so glibc can use cpu-specific .S files. - # We key off the CFLAGS to get a good value. Also need to handle - # version skew. - # We can't force users to set their CHOST to their exact machine - # as many of these are not recognized by config.sub/gcc and such :(. - # Note: If the mcpu values don't scale, we might try probing CPP defines. - # Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ? - - local cpu - case ${CTARGET} in - sparc64-*) - case $(get-flag mcpu) in - niagara[234]) - if version_is_at_least 2.8 ; then - cpu="sparc64v2" - elif version_is_at_least 2.4 ; then - cpu="sparc64v" - elif version_is_at_least 2.2.3 ; then - cpu="sparc64b" - fi - ;; - niagara) - if version_is_at_least 2.4 ; then - cpu="sparc64v" - elif version_is_at_least 2.2.3 ; then - cpu="sparc64b" - fi - ;; - ultrasparc3) - cpu="sparc64b" - ;; - *) - # We need to force at least v9a because the base build doesn't - # work with just v9. - # https://sourceware.org/bugzilla/show_bug.cgi?id=19477 - [[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a" - ;; - esac - ;; - sparc-*) - case $(get-flag mcpu) in - niagara[234]) - if version_is_at_least 2.8 ; then - cpu="sparcv9v2" - elif version_is_at_least 2.4 ; then - cpu="sparcv9v" - elif version_is_at_least 2.2.3 ; then - cpu="sparcv9b" - else - cpu="sparcv9" - fi - ;; - niagara) - if version_is_at_least 2.4 ; then - cpu="sparcv9v" - elif version_is_at_least 2.2.3 ; then - cpu="sparcv9b" - else - cpu="sparcv9" - fi - ;; - ultrasparc3) - cpu="sparcv9b" - ;; - v9|ultrasparc) - cpu="sparcv9" - ;; - v8|supersparc|hypersparc|leon|leon3) - cpu="sparcv8" - ;; - esac - ;; - esac - [[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}" - ;; - esac -} - -setup_flags() { - # Make sure host make.conf doesn't pollute us - if is_crosscompile || tc-is-cross-compiler ; then - CHOST=${CTARGET} strip-unsupported-flags - fi - - # Store our CFLAGS because it's changed depending on which CTARGET - # we are building when pulling glibc on a multilib profile - CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}} - CFLAGS=${CFLAGS_BASE} - CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}} - CXXFLAGS=${CXXFLAGS_BASE} - ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}} - ASFLAGS=${ASFLAGS_BASE} - - # Over-zealous CFLAGS can often cause problems. What may work for one - # person may not work for another. To avoid a large influx of bugs - # relating to failed builds, we strip most CFLAGS out to ensure as few - # problems as possible. - strip-flags - strip-unsupported-flags - filter-flags -m32 -m64 -mabi=* - - # Bug 492892. - filter-flags -frecord-gcc-switches - - unset CBUILD_OPT CTARGET_OPT - if use multilib ; then - CTARGET_OPT=$(get_abi_CTARGET) - [[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST) - fi - - setup_target_flags - - if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then - CBUILD_OPT=${CTARGET_OPT} - fi - - # Lock glibc at -O2 -- linuxthreads needs it and we want to be - # conservative here. -fno-strict-aliasing is to work around #155906 - filter-flags -O? - append-flags -O2 -fno-strict-aliasing - - # Can't build glibc itself with fortify code. Newer versions add - # this flag for us, so no need to do it manually. - version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE - - # building glibc with SSP is fraught with difficulty, especially - # due to __stack_chk_fail_local which would mean significant changes - # to the glibc build process. See bug #94325 #293721 - # Note we have to handle both user-given CFLAGS and gcc defaults via - # spec rules here. We can't simply add -fno-stack-protector as it gets - # added before user flags, and we can't just filter-flags because - # _filter_hardened doesn't support globs. - filter-flags -fstack-protector* - gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) - - if use hardened && gcc-specs-pie ; then - # Force PIC macro definition for all compilations since they're all - # either -fPIC or -fPIE with the default-PIE compiler. - append-cppflags -DPIC - else - # Don't build -fPIE without the default-PIE compiler and the - # hardened-pie patch - filter-flags -fPIE - fi -} - -want_nptl() { - [[ -z ${LT_VER} ]] && return 0 - want_tls || return 1 - use nptl || return 1 - - # Older versions of glibc had incomplete arch support for nptl. - # But if you're building those now, you can handle USE=nptl yourself. - return 0 -} - -want_linuxthreads() { - [[ -z ${LT_VER} ]] && return 1 - use linuxthreads -} - -want_tls() { - # Archs that can use TLS (Thread Local Storage) - case $(tc-arch) in - x86) - # requires i486 or better #106556 - [[ ${CTARGET} == i[4567]86* ]] && return 0 - return 1 - ;; - esac - - return 0 -} - -want__thread() { - want_tls || return 1 - - # For some reason --with-tls --with__thread is causing segfaults on sparc32. - [[ ${PROFILE_ARCH} == "sparc" ]] && return 1 - - [[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD} - - # only test gcc -- cant test linking yet - tc-has-tls -c ${CTARGET} - WANT__THREAD=$? - - return ${WANT__THREAD} -} - -use_multiarch() { - # Make sure binutils is new enough to support indirect functions #336792 - # This funky sed supports gold and bfd linkers. - local bver nver - bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}') - case $(tc-arch ${CTARGET}) in - amd64|x86) nver="2.20" ;; - arm) nver="2.22" ;; - hppa) nver="2.23" ;; - ppc|ppc64) nver="2.20" ;; - # ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24. - s390) nver="2.24" ;; - sparc) nver="2.21" ;; - *) return 1 ;; - esac - version_is_at_least ${nver} ${bver} -} - -# Setup toolchain variables that had historically -# been defined in the profiles for these archs. -setup_env() { - # silly users - unset LD_RUN_PATH - unset LD_ASSUME_KERNEL - - if is_crosscompile || tc-is-cross-compiler ; then - multilib_env ${CTARGET_OPT:-${CTARGET}} - - if ! use multilib ; then - MULTILIB_ABIS=${DEFAULT_ABI} - else - MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}} - fi - - # If the user has CFLAGS_ in their make.conf, use that, - # and fall back on CFLAGS. - local VAR=CFLAGS_${CTARGET//[-.]/_} - CFLAGS=${!VAR-${CFLAGS}} - fi - - setup_flags - - export ABI=${ABI:-${DEFAULT_ABI:-default}} - - local VAR=CFLAGS_${ABI} - # We need to export CFLAGS with abi information in them because glibc's - # configure script checks CFLAGS for some targets (like mips). Keep - # around the original clean value to avoid appending multiple ABIs on - # top of each other. - : ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})} - export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}" -} - -foreach_abi() { - setup_env - - local ret=0 - local abilist="" - if use multilib ; then - abilist=$(get_install_abis) - else - abilist=${DEFAULT_ABI} - fi - evar_push ABI - export ABI - for ABI in ${abilist:-default} ; do - setup_env - einfo "Running $1 for ABI ${ABI}" - $1 - : $(( ret |= $? )) - done - evar_pop - return ${ret} -} - -just_headers() { - is_crosscompile && use crosscompile_opts_headers-only -} - -glibc_banner() { - local b="Gentoo ${PVR}" - [[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}" - [[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}" - [[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}" - echo "${b}" -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit deleted file mode 100644 index 827cba9b51..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -eblit-glibc-pkg_postinst() { - # nothing to do if just installing headers - just_headers && return - - if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then - # Generate fastloading iconv module configuration file. - "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" - fi - - if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then - # Reload init ... if in a chroot or a diff init package, ignore - # errors from this step #253697 - /sbin/telinit U 2>/dev/null - - ## COREOS: locale-gen is not installed - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit deleted file mode 100644 index 65c7c958af..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -# Simple test to make sure our new glibc isnt completely broken. -# Make sure we don't test with statically built binaries since -# they will fail. Also, skip if this glibc is a cross compiler. -# -# If coreutils is built with USE=multicall, some of these files -# will just be wrapper scripts, not actual ELFs we can test. -glibc_sanity_check() { - cd / #228809 - - # We enter ${ED} so to avoid trouble if the path contains - # special characters; for instance if the path contains the - # colon character (:), then the linker will try to split it - # and look for the libraries in an unexpected place. This can - # lead to unsafe code execution if the generated prefix is - # within a world-writable directory. - # (e.g. /var/tmp/portage:${HOSTNAME}) - pushd "${ED}"/$(get_libdir) >/dev/null - - local x striptest - for x in cal date env free ls true uname uptime ; do - x=$(type -p ${x}) - [[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue - striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue - case ${striptest} in - *"statically linked"*) continue;; - *"ASCII text"*) continue;; - esac - # We need to clear the locale settings as the upgrade might want - # incompatible locale data. This test is not for verifying that. - LC_ALL=C \ - ./ld-*.so --library-path . ${x} > /dev/null \ - || die "simple run test (${x}) failed" - done - - popd >/dev/null -} - -eblit-glibc-pkg_preinst() { - # nothing to do if just installing headers - just_headers && return - - # prepare /etc/ld.so.conf.d/ for files - mkdir -p "${EROOT}"/etc/ld.so.conf.d - - ## COREOS: host.conf is not installed - - [[ ${ROOT} != "/" ]] && return 0 - [[ -d ${ED}/$(get_libdir) ]] || return 0 - [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check - - # For newer EAPIs, this was run in pkg_pretend. - if [[ ${EAPI:-0} == [0123] ]] ; then - check_devpts - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit deleted file mode 100644 index 03c947f3e3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit +++ /dev/null @@ -1,137 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -glibc_compile_test() { - local ret save_cflags=${CFLAGS} - CFLAGS+=" $1" - shift - - pushd "${T}" >/dev/null - - rm -f glibc-test* - printf '%b' "$*" > glibc-test.c - - _nonfatal emake -s glibc-test - ret=$? - - popd >/dev/null - - CFLAGS=${save_cflags} - return ${ret} -} - -glibc_run_test() { - local ret - - if [[ ${EMERGE_FROM} == "binary" ]] ; then - # ignore build failures when installing a binary package #324685 - glibc_compile_test "" "$@" 2>/dev/null || return 0 - else - if ! glibc_compile_test "" "$@" ; then - ewarn "Simple build failed ... assuming this is desired #324685" - return 0 - fi - fi - - pushd "${T}" >/dev/null - - ./glibc-test - ret=$? - rm -f glibc-test* - - popd >/dev/null - - return ${ret} -} - -check_devpts() { - ## COREOS: Ignore /dev/pts settings, the chroot has no control over them. - return 0 -} - -eblit-glibc-pkg_pretend() { - # For older EAPIs, this is run in pkg_preinst. - if [[ ${EAPI:-0} != [0123] ]] ; then - check_devpts - fi - - # Prevent native builds from downgrading. - if [[ ${MERGE_TYPE} != "buildonly" ]] && \ - [[ ${ROOT} == "/" ]] && \ - [[ ${CBUILD} == ${CHOST} ]] && \ - [[ ${CHOST} == ${CTARGET} ]] ; then - # The high rev # is to allow people to downgrade between -r# versions. - # We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine. - # Hopefully we never actually use a r# this high. - if has_version ">${CATEGORY}/${P}-r10000" ; then - eerror "Sanity check to keep you from breaking your system:" - eerror " Downgrading glibc is not supported and a sure way to destruction" - die "aborting to save your system" - fi - - if ! glibc_run_test '#include \nint main(){return getpwuid(0)==0;}\n' - then - eerror "Your patched vendor kernel is broken. You need to get an" - eerror "update from whoever is providing the kernel to you." - eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227" - eerror "http://bugs.gentoo.org/262698" - die "keeping your system alive, say thank you" - fi - - if ! glibc_run_test '#include \n#include \nint main(){return syscall(1000)!=-1;}\n' - then - eerror "Your old kernel is broken. You need to update it to" - eerror "a newer version as syscall() will break." - eerror "http://bugs.gentoo.org/279260" - die "keeping your system alive, say thank you" - fi - fi - - # users have had a chance to phase themselves, time to give em the boot - if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then - eerror "You still haven't deleted ${EROOT}/etc/locales.build." - eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." - die "lazy upgrader detected" - fi - - if [[ ${CTARGET} == i386-* ]] ; then - eerror "i386 CHOSTs are no longer supported." - eerror "Chances are you don't actually want/need i386." - eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml" - die "please fix your CHOST" - fi - - if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then - ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." - ewarn "This will result in a 50% performance penalty when running with a 32bit" - ewarn "hypervisor, which is probably not what you want." - fi - - use hardened && ! gcc-specs-pie && \ - ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" - - # Make sure host system is up to date #394453 - if has_version ' /dev/null - local addons=$(echo */configure | sed \ - -e 's:/configure::g' \ - -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ - -e 's: \+$::' \ - -e 's! !,!g' \ - -e 's!^!,!' \ - -e '/^,\*$/d') - [[ -d ports ]] && addons+=",ports" - popd > /dev/null - - myconf+=( $(use_enable hardened stackguard-randomization) ) - if has_version ' "${T}"/test.c - if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then - sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die - mkdir -p sunrpc - cp $(which rpcgen) sunrpc/cross-rpcgen || die - touch -t 202001010101 sunrpc/cross-rpcgen || die - fi - fi -} - -toolchain-glibc_headers_configure() { - export ABI=default - - local builddir=$(builddir "headers") - mkdir -p "${builddir}" - cd "${builddir}" - - # if we don't have a compiler yet, we cant really test it now ... - # hopefully they don't affect header geneation, so let's hope for - # the best here ... - local v vars=( - ac_cv_header_cpuid_h=yes - libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes - libc_cv_asm_cfi_directives=yes - libc_cv_broken_visibility_attribute=no - libc_cv_c_cleanup=yes - libc_cv_forced_unwind=yes - libc_cv_gcc___thread=yes - libc_cv_mlong_double_128=yes - libc_cv_mlong_double_128ibm=yes - libc_cv_ppc_machine=yes - libc_cv_ppc_rel16=yes - libc_cv_predef_{fortify_source,stack_protector}=no - libc_cv_visibility_attribute=yes - libc_cv_z_combreloc=yes - libc_cv_z_execstack=yes - libc_cv_z_initfirst=yes - libc_cv_z_nodelete=yes - libc_cv_z_nodlopen=yes - libc_cv_z_relro=yes - libc_mips_abi=${ABI} - libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) - # These libs don't have configure flags. - ac_cv_lib_audit_audit_log_user_avc_message=no - ac_cv_lib_cap_cap_init=no - ) - einfo "Forcing cached settings:" - for v in "${vars[@]}" ; do - einfo " ${v}" - export ${v} - done - - # Blow away some random CC settings that screw things up. #550192 - if [[ -d ${S}/sysdeps/mips ]]; then - pushd "${S}"/sysdeps/mips >/dev/null - sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die - sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die - if version_is_at_least 2.21 ; then - # Force the mips ABI to the default. This is OK because the set of - # installed headers in this phase is the same between the 3 ABIs. - # If this ever changes, this hack will break, but that's unlikely - # as glibc discourages that behavior. - # https://crbug.com/647033 - sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die - fi - popd >/dev/null - fi - - local myconf=() - myconf+=( - --disable-sanity-checks - --enable-hacker-mode - --without-cvs - --disable-werror - --enable-bind-now - --build=${CBUILD_OPT:-${CBUILD}} - --host=${CTARGET_OPT:-${CTARGET}} - --with-headers=$(alt_build_headers) - --prefix="${EPREFIX}/usr" - ${EXTRA_ECONF} - ) - - local addons - [[ -d ${S}/ports ]] && addons+=",ports" - # Newer versions require nptl, so there is no addon for it. - version_is_at_least 2.20 || addons+=",nptl" - myconf+=( --enable-add-ons="${addons#,}" ) - - # Nothing is compiled here which would affect the headers for the target. - # So forcing CC/CFLAGS is sane. - set -- "${S}"/configure "${myconf[@]}" - echo "$@" - CC="$(tc-getBUILD_CC)" \ - CFLAGS="-O1 -pipe" \ - CPPFLAGS="-U_FORTIFY_SOURCE" \ - LDFLAGS="" \ - "$@" || die "failed to configure glibc" -} - -toolchain-glibc_src_configure() { - if just_headers ; then - toolchain-glibc_headers_configure - else - want_linuxthreads && glibc_do_configure linuxthreads - want_nptl && glibc_do_configure nptl - fi -} - -eblit-glibc-src_configure() { - foreach_abi toolchain-glibc_src_configure -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit deleted file mode 100644 index 6d0353f7bf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit +++ /dev/null @@ -1,231 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -toolchain-glibc_src_install() { - local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl)) - cd "${builddir}" - - emake install_root="${D}$(alt_prefix)" install || die - - if want_linuxthreads && want_nptl ; then - einfo "Installing NPTL to $(alt_libdir)/tls/..." - cd "$(builddir nptl)" - dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl - - local l src_lib - for l in libc libm librt libpthread libthread_db ; do - # take care of shared lib first ... - l=${l}.so - if [[ -e ${l} ]] ; then - src_lib=${l} - else - src_lib=$(eval echo */${l}) - fi - cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}" - fperms a+rx $(alt_libdir)/tls/${l} - dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib}) - - # then grab the linker script or the symlink ... - if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then - dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l} - else - sed \ - -e "s:/${l}:/tls/${l}:g" \ - -e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \ - "${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l} - fi - - # then grab the static lib ... - src_lib=${src_lib/%.so/.a} - [[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a} - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" - src_lib=${src_lib/%.a/_nonshared.a} - if [[ -e ${src_lib} ]] ; then - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" - fi - done - - # use the nptl linker instead of the linuxthreads one as the linuxthreads - # one may lack TLS support and that can be really bad for business - cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp" - fi - - # Newer versions get fancy with libm linkage to include vectorized support. - # While we don't really need a ldscript here, portage QA checks get upset. - if [[ -e ${ED}$(alt_usrlibdir)/libm-${PV}.a ]] ; then - dosym ../../$(get_libdir)/libm-${PV}.so $(alt_usrlibdir)/libm-${PV}.so - fi - - # We'll take care of the cache ourselves - rm -f "${ED}"/etc/ld.so.cache - - # Everything past this point just needs to be done once ... - is_final_abi || return 0 - - # Make sure the non-native interp can be found on multilib systems even - # if the main library set isn't installed into the right place. Maybe - # we should query the active gcc for info instead of hardcoding it ? - local i ldso_abi ldso_name - local ldso_abi_list=( - # x86 - amd64 /lib64/ld-linux-x86-64.so.2 - x32 /libx32/ld-linux-x32.so.2 - x86 /lib/ld-linux.so.2 - # mips - o32 /lib/ld.so.1 - n32 /lib32/ld.so.1 - n64 /lib64/ld.so.1 - # powerpc - ppc /lib/ld.so.1 - ppc64 /lib64/ld64.so.1 - # s390 - s390 /lib/ld.so.1 - s390x /lib/ld64.so.1 - # sparc - sparc32 /lib/ld-linux.so.2 - sparc64 /lib64/ld-linux.so.2 - ) - case $(tc-endian) in - little) - ldso_abi_list+=( - # arm - arm64 /lib/ld-linux-aarch64.so.1 - ) - ;; - big) - ldso_abi_list+=( - # arm - arm64 /lib/ld-linux-aarch64_be.so.1 - ) - ;; - esac - if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then - dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib - fi - for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do - ldso_abi=${ldso_abi_list[i]} - has ${ldso_abi} $(get_install_abis) || continue - - ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" - if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then - dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} - fi - done - - # With devpts under Linux mounted properly, we do not need the pt_chown - # binary to be setuid. This is because the default owners/perms will be - # exactly what we want. - if in_iuse suid && ! use suid ; then - find "${ED}" -name pt_chown -exec chmod -s {} + - fi - - ################################################################# - # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # - # Make sure we install some symlink hacks so that when we build - # a 2nd stage cross-compiler, gcc finds the target system - # headers correctly. See gcc/doc/gccinstall.info - if is_crosscompile ; then - # We need to make sure that /lib and /usr/lib always exists. - # gcc likes to use relative paths to get to its multilibs like - # /usr/lib/../lib64/. So while we don't install any files into - # /usr/lib/, we do need it to exist. - cd "${ED}"$(alt_libdir)/.. - [[ -e lib ]] || mkdir lib - cd "${ED}"$(alt_usrlibdir)/.. - [[ -e lib ]] || mkdir lib - - dosym usr/include $(alt_prefix)/sys-include - return 0 - fi - - ## COREOS ## - # For reference, the rest of this function has been modified to do: - # - The SDK just gets the full locale archive, no need for locale-gen. - # - CoreOS targets (which are cross compiled) don't get any locales. - # - Config files are installed by baselayout, not glibc. - # - Install nscd/systemd stuff in /usr. - - if ! tc-is-cross-compiler ; then - emake install_root="${D}$(alt_prefix)" localedata/install-locales || die - # Sanity check the above command worked - [[ -f ${ED}/usr/$(get_libdir)/locale/locale-archive ]] || die - else - keepdir /usr/$(get_libdir)/locale - fi - - # Make sure all the ABI's can find the locales and so we only - # have to generate one set - local a - for a in $(get_install_abis) ; do - if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then - dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale - fi - done - - # Clean out any default configs - rm -rf "${ED}"/etc - - cd "${S}" - - # Install misc network config files - insinto /usr/share/baselayout - doins nscd/nscd.conf || die - - if ! in_iuse nscd || use nscd ; then - systemd_dounit nscd/nscd.service || die - systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die - systemd_newtmpfilesd "${FILESDIR}"/nscd-conf.tmpfiles nscd-conf.conf || die - fi - - echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc - doenvd "${T}"/00glibc || die - - for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do - [[ -s ${d} ]] && dodoc ${d} - done -} - -toolchain-glibc_headers_install() { - local builddir=$(builddir "headers") - cd "${builddir}" - emake install_root="${D}$(alt_prefix)" install-headers || die - if ! version_is_at_least 2.16 ; then - insinto $(alt_headers)/bits - doins bits/stdio_lim.h || die - fi - insinto $(alt_headers)/gnu - doins "${S}"/include/gnu/stubs.h || die "doins include gnu" - # Make sure we install the sys-include symlink so that when - # we build a 2nd stage cross-compiler, gcc finds the target - # system headers correctly. See gcc/doc/gccinstall.info - dosym usr/include $(alt_prefix)/sys-include -} - -src_strip() { - # gdb is lame and requires some debugging information to remain in - # libpthread, so we need to strip it by hand. libthread_db makes no - # sense stripped as it is only used when debugging. - local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}") - env \ - -uRESTRICT \ - CHOST=${CTARGET} \ - STRIP_MASK="/*/{,tls/}${pthread}*" \ - prepallstrip - # if user has stripping enabled and does not have split debug turned on, - # then leave the debugging sections in libpthread. - if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then - ${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so - fi -} - -eblit-glibc-src_install() { - if just_headers ; then - export ABI=default - toolchain-glibc_headers_install - return - fi - - foreach_abi toolchain-glibc_src_install - src_strip -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit deleted file mode 100644 index 11ff7af6f8..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -eblit-glibc-src_prepare() { - # XXX: We should do the branchupdate, before extracting the manpages and - # infopages else it does not help much (mtimes change if there is a change - # to them with branchupdate) - if [[ -n ${BRANCH_UPDATE} ]] ; then - epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 - - # Snapshot date patch - einfo "Patching version to display snapshot date ..." - sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h - fi - - # tag, glibc is it - if ! version_is_at_least 2.17 ; then - [[ -e csu/Banner ]] && die "need new banner location" - glibc_banner > csu/Banner - fi - if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then - EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \ - EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \ - EPATCH_SUFFIX="patch" \ - ARCH=$(tc-arch) \ - epatch "${WORKDIR}"/patches - fi - - if just_headers ; then - if [[ -e ports/sysdeps/mips/preconfigure ]] ; then - # mips peeps like to screw with us. if building headers, - # we don't have a real compiler, so we can't let them - # insert -mabi on us. - sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die - find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + - fi - fi - - epatch_user - - gnuconfig_update - - # Glibc is stupid sometimes, and doesn't realize that with a - # static C-Only gcc, -lgcc_eh doesn't exist. - # https://sourceware.org/ml/libc-alpha/2003-09/msg00100.html - # https://sourceware.org/ml/libc-alpha/2005-02/msg00042.html - # But! Finally fixed in recent versions: - # https://sourceware.org/ml/libc-alpha/2012-05/msg01865.html - if ! version_is_at_least 2.16 ; then - echo 'int main(){}' > "${T}"/gcc_eh_test.c - if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then - sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh" - fi - fi - - cd "${WORKDIR}" - find . -type f '(' -size 0 -o -name "*.orig" ')' -delete - find . -name configure -exec touch {} + - - eprefixify extra/locale/locale-gen - - # Fix permissions on some of the scripts. - chmod u+x "${S}"/scripts/*.sh -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit deleted file mode 100644 index fc5b950f46..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -glibc_src_test() { - cd "$(builddir $1)" - nonfatal emake -j1 check && return 0 - einfo "make check failed - re-running with --keep-going to get the rest of the results" - nonfatal emake -j1 -k check - ewarn "make check failed for ${ABI}-${CTARGET}-$1" - return 1 -} - -toolchain-glibc_src_test() { - local ret=0 t - for t in linuxthreads nptl ; do - if want_${t} ; then - glibc_src_test ${t} - : $(( ret |= $? )) - fi - done - return ${ret} -} - -eblit-glibc-src_test() { - # Give tests more time to complete. - export TIMEOUTFACTOR=5 - - foreach_abi toolchain-glibc_src_test || die "tests failed" -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit deleted file mode 100644 index 8d4c740717..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit" - -int_to_KV() { - local version=$1 major minor micro - major=$((version / 65536)) - minor=$(((version % 65536) / 256)) - micro=$((version % 256)) - echo ${major}.${minor}.${micro} -} - -eend_KV() { - [[ $(KV_to_int $1) -ge $(KV_to_int $2) ]] - eend $? -} - -get_kheader_version() { - printf '#include \nLINUX_VERSION_CODE\n' | \ - $(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \ - tail -n 1 -} - -check_nptl_support() { - # don't care about the compiler here as we arent using it - just_headers && return - - local run_kv build_kv want_kv - run_kv=$(int_to_KV $(get_KV)) - build_kv=$(int_to_KV $(get_kheader_version)) - want_kv=${NPTL_KERN_VER} - - ebegin "Checking gcc for __thread support" - if ! eend $(want__thread ; echo $?) ; then - echo - eerror "Could not find a gcc that supports the __thread directive!" - eerror "Please update your binutils/gcc and try again." - die "No __thread support in gcc!" - fi - - if ! is_crosscompile && ! tc-is-cross-compiler ; then - # Building fails on an non-supporting kernel - ebegin "Checking kernel version (${run_kv} >= ${want_kv})" - if ! eend_KV ${run_kv} ${want_kv} ; then - echo - eerror "You need a kernel of at least ${want_kv} for NPTL support!" - die "Kernel version too low!" - fi - fi - - ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})" - if ! eend_KV ${build_kv} ${want_kv} ; then - echo - eerror "You need linux-headers of at least ${want_kv} for NPTL support!" - die "linux-headers version too low!" - fi -} - -unpack_pkg() { - local a=${PN} - [[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}" - [[ -n $1 ]] && a="${a}-$1" - if [[ -n ${SNAP_VER} ]] ; then - a="${a}-${SNAP_VER}" - else - if [[ -n $2 ]] ; then - a="${a}-$2" - else - a="${a}-${RELEASE_VER}" - fi - fi - if has ${a}.tar.xz ${A} ; then - unpacker ${a}.tar.xz - else - unpack ${a}.tar.bz2 - fi - [[ -n $1 ]] && { mv ${a} $1 || die ; } -} - -toolchain-glibc_src_unpack() { - # Check NPTL support _before_ we unpack things to save some time - want_nptl && check_nptl_support - - if [[ -n ${EGIT_REPO_URIS} ]] ; then - local i d - for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do - EGIT_REPO_URI=${EGIT_REPO_URIS[$i]} - EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]} - git-2_src_unpack - done - else - unpack_pkg - fi - - cd "${S}" - touch locale/C-translit.h #185476 #218003 - [[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER} - [[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER} - [[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn - - if [[ -n ${PATCH_VER} ]] ; then - cd "${WORKDIR}" - unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 - # pull out all the addons - local d - for d in extra/*/configure ; do - d=${d%/configure} - [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" - mv "${d}" "${S}" || die "moving ${d} failed" - done - fi -} - -eblit-glibc-src_unpack() { - setup_env - - toolchain-glibc_src_unpack - [[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles deleted file mode 100644 index 0cf43dcb7a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -L /etc/nscd.conf - - - - ../usr/share/baselayout/nscd.conf -d /var/db/nscd - - - - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild similarity index 63% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild index 07d51f5aaf..45c7b45921 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild @@ -1,16 +1,15 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ -EAPI="4" +EAPI="5" -inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix +inherit toolchain-glibc DESCRIPTION="GNU libc6 (also called glibc2) C library" HOMEPAGE="https://www.gnu.org/software/libc/libc.html" LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86" +KEYWORDS="alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86" RESTRICT="strip" # strip ourself #46186 EMULTILIB_PKG="true" @@ -27,10 +26,13 @@ case ${PV} in ;; esac GCC_BOOTSTRAP_VER="4.7.3-r1" -PATCH_VER="8" # Gentoo patchset +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="15" # Gentoo patchset : ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires -IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" +GLIBC_PATCH_EXCLUDE+=" 0005_all_sys-types.h-drop-sys-sysmacros.h-include.patch" + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla headers-only" # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries @@ -71,6 +73,7 @@ COMMON_DEPEND=" ) ) suid? ( caps? ( sys-libs/libcap ) ) selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) " DEPEND="${COMMON_DEPEND} >=app-misc/pax-utils-0.1.10 @@ -82,7 +85,7 @@ RDEPEND="${COMMON_DEPEND} !sys-libs/nss-db" if [[ ${CATEGORY} == cross-* ]] ; then - DEPEND+=" !crosscompile_opts_headers-only? ( + DEPEND+=" !headers-only? ( >=${CATEGORY}/binutils-2.24 >=${CATEGORY}/gcc-4.7 )" @@ -100,7 +103,7 @@ upstream_uris() { echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 } gentoo_uris() { - local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + local devspace="HTTP~vapier/dist/URI HTTP~dilfridge/distfiles/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" devspace=${devspace//HTTP/https://dev.gentoo.org/} echo mirror://gentoo/$1 ${devspace//URI/$1} } @@ -110,70 +113,18 @@ SRC_URI=$( ) SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" -# eblit-include [--skip] [version] -eblit-include() { - local skipable=false - [[ $1 == "--skip" ]] && skipable=true && shift - [[ $1 == pkg_* ]] && skipable=true - - local e v func=$1 ver=$2 - [[ -z ${func} ]] && die "Usage: eblit-include [version]" - for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do - e="${FILESDIR}/eblits/${func}${v}.eblit" - if [[ -e ${e} ]] ; then - source "${e}" - return 0 - fi - done - ${skipable} && return 0 - die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" -} - -# eblit-run-maybe -# run the specified function if it is defined -eblit-run-maybe() { - [[ $(type -t "$@") == "function" ]] && "$@" -} - -# eblit-run [version] -# aka: src_unpack() { eblit-run src_unpack ; } -eblit-run() { - eblit-include --skip common "${*:2}" - eblit-include "$@" - eblit-run-maybe eblit-$1-pre - eblit-${PN}-$1 - eblit-run-maybe eblit-$1-post -} - -src_unpack() { eblit-run src_unpack ; } -src_prepare() { eblit-run src_prepare ; } -src_configure() { eblit-run src_configure ; } -src_compile() { eblit-run src_compile ; } -src_test() { eblit-run src_test ; } -src_install() { eblit-run src_install ; } - -# FILESDIR might not be available during binpkg install -for x in pretend setup {pre,post}inst ; do - e="${FILESDIR}/eblits/pkg_${x}.eblit" - if [[ -e ${e} ]] ; then - . "${e}" - eval "pkg_${x}() { eblit-run pkg_${x} ; }" - fi -done - -eblit-src_unpack-pre() { +src_unpack() { [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack } -eblit-src_prepare-post() { +src_prepare() { + toolchain-glibc_src_prepare + cd "${S}" epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 - ## COREOS: features and bug fixes missing from the Gentoo patch set. - epatch "${FILESDIR}"/2.23/glibc-2.23-gshadow-handle-erange.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-c-utf8-locale.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-pthread-use-after-free.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-binutils-update.patch if use hardened ; then # We don't enable these for non-hardened as the output is very terse -- @@ -181,7 +132,7 @@ eblit-src_prepare-post() { # includes backtraces and symbols. einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die - cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die if use debug ; then # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. @@ -190,11 +141,6 @@ eblit-src_prepare-post() { -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ debug/Makefile || die fi - - # Build various bits with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - */Makefile || die fi case $(gcc-fullversion) in diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml index e6ebe220ca..a953870436 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml @@ -6,10 +6,11 @@ Gentoo Toolchain Project + build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL) build memusage and memusagestat tools Build, and enable support for, the Name Service Cache Daemon - Enable obsolete RPC/NIS layers (disabling is experimental -- see bug 381391) + Enable obsolete RPC/NIS layers Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5 enable systemtap static probe points From c901ee3cb46645abd0546e24a5106f88617f059a Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 2 Feb 2018 13:55:36 -0500 Subject: [PATCH 2/8] sys-libs/glibc: Apply CoreOS changes Since eblits were dropped, changes are now applied by overriding eclass functions. The package diff between this and the previous version is just a few new headers and languages (aside from all the version-based renames). Our patches were moved from 2.23 to 2.25 since Gentoo dropped that version and its directory. The pthread patch was dropped since it is in 2.25 as commit f8bf15febcaf137bbec5a61101e88cd5a9d56ca8 . This also moves the 2.24 version of the C UTF-8 locale patch to 2.25, since we skipped 2.24 and the patch hasn't changed as of Fedora 26 (its upstream). --- .../coreos/targets/generic/make.defaults | 1 + .../files/2.25/glibc-2.25-c-utf8-locale.patch | 270 ++++++++++++++++++ .../glibc-2.25-gshadow-handle-erange.patch | 114 ++++++++ .../sys-libs/glibc/files/nscd-conf.tmpfiles | 2 + .../sys-libs/glibc/glibc-2.25-r11.ebuild | 28 ++ 5 files changed, 415 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-c-utf8-locale.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gshadow-handle-erange.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults index 11b26cb160..ff205e130c 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults @@ -13,6 +13,7 @@ FEATURES="nodoc noinfo noman" # Remove bash-completion files as we don't install bash-completion. # Remove locale LC_MESSAGES files. INSTALL_MASK="${INSTALL_MASK} + /usr/sbin/locale-gen /usr/share/bash-completion /usr/share/gtk-doc /usr/share/locale diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-c-utf8-locale.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-c-utf8-locale.patch new file mode 100644 index 0000000000..7fabf303f1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-c-utf8-locale.patch @@ -0,0 +1,270 @@ +From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 +From: Mike FABIAN +Date: Mon, 10 Aug 2015 15:58:12 +0200 +Subject: [PATCH] Add a C.UTF-8 locale + +--- + localedata/SUPPORTED | 1 + + localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 239 insertions(+) + create mode 100644 localedata/locales/C + +diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED +index 8ca023e..2a78391 100644 +--- a/localedata/SUPPORTED ++++ b/localedata/SUPPORTED +@@ -1,6 +1,7 @@ + # This file names the currently supported and somewhat tested locales. + # If you have any additions please file a glibc bug report. + SUPPORTED-LOCALES=\ ++C.UTF-8/UTF-8 \ + aa_DJ.UTF-8/UTF-8 \ + aa_DJ/ISO-8859-1 \ + aa_ER/UTF-8 \ +diff --git a/localedata/locales/C b/localedata/locales/C +new file mode 100644 +index 0000000..fdf460e +--- /dev/null ++++ b/localedata/locales/C +@@ -0,0 +1,238 @@ ++escape_char / ++comment_char % ++% Locale for C locale in UTF-8 ++ ++LC_IDENTIFICATION ++title "C locale" ++source "" ++address "" ++contact "" ++email "mfabian@redhat.com" ++tel "" ++fax "" ++language "C" ++territory "" ++revision "1.0" ++date "2015-08-10" ++% ++category "i18n:2012";LC_IDENTIFICATION ++category "i18n:2012";LC_CTYPE ++category "i18n:2012";LC_COLLATE ++category "i18n:2012";LC_TIME ++category "i18n:2012";LC_NUMERIC ++category "i18n:2012";LC_MONETARY ++category "i18n:2012";LC_MESSAGES ++category "i18n:2012";LC_PAPER ++category "i18n:2012";LC_NAME ++category "i18n:2012";LC_ADDRESS ++category "i18n:2012";LC_TELEPHONE ++category "i18n:2012";LC_MEASUREMENT ++END LC_IDENTIFICATION ++ ++LC_CTYPE ++copy "i18n" ++ ++translit_start ++include "translit_combining";"" ++translit_end ++ ++END LC_CTYPE ++ ++LC_COLLATE ++order_start forward ++ ++.. ++ ++ ++.. ++ ++ ++.. ++ ++ ++.. ++ ++ ++.. ++ ++ ++.. ++ ++UNDEFINED ++order_end ++END LC_COLLATE ++ ++LC_MONETARY ++% This is the 14652 i18n fdcc-set definition for ++% the LC_MONETARY category ++% (except for the int_curr_symbol and currency_symbol, they are empty in ++% the 14652 i18n fdcc-set definition and also empty in ++% glibc/locale/C-monetary.c. But localedef complains in that case). ++% ++% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? ++% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) ++int_curr_symbol "" ++% Using "$" for currency_symbol. But maybe would be better? ++% U+00A4 is the "generic currency symbol" ++% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) ++currency_symbol "" ++mon_decimal_point "" ++mon_thousands_sep "" ++mon_grouping -1 ++positive_sign "" ++negative_sign "" ++int_frac_digits -1 ++frac_digits -1 ++p_cs_precedes -1 ++int_p_sep_by_space -1 ++p_sep_by_space -1 ++n_cs_precedes -1 ++int_n_sep_by_space -1 ++n_sep_by_space -1 ++p_sign_posn -1 ++n_sign_posn -1 ++% ++END LC_MONETARY ++ ++LC_NUMERIC ++% This is the POSIX Locale definition for ++% the LC_NUMERIC category. ++% ++decimal_point "" ++thousands_sep "" ++grouping -1 ++END LC_NUMERIC ++ ++LC_TIME ++% This is the POSIX Locale definition for ++% the LC_TIME category. ++% ++% Abbreviated weekday names (%a) ++abday "";"";/ ++ "";"";/ ++ "";"";/ ++ "" ++ ++% Full weekday names (%A) ++day "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "" ++ ++% Abbreviated month names (%b) ++abmon "";"";/ ++ "";"";/ ++ "";"";/ ++ "";"";/ ++ "";"";/ ++ "";"" ++ ++% Full month names (%B) ++mon "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "";/ ++ "" ++ ++% Week description, consists of three fields: ++% 1. Number of days in a week. ++% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). ++% 3. The weekday number to be contained in the first week of the year. ++% ++% ISO 8601 conforming applications should use the values 7, 19971201 (a ++% Monday), and 4 (Thursday), respectively. ++week 7;19971201;4 ++first_weekday 1 ++first_workday 1 ++ ++% Appropriate date and time representation (%c) ++% "%a %b %e %H:%M:%S %Y" ++d_t_fmt "" ++ ++% Appropriate date representation (%x) ++% "%m/%d/%y" ++d_fmt "" ++ ++% Appropriate time representation (%X) ++% "%H:%M:%S" ++t_fmt "" ++ ++% Appropriate AM/PM time representation (%r) ++% "%I:%M:%S %p" ++t_fmt_ampm "" ++ ++% Equivalent of AM/PM (%p) "AM"/"PM" ++% ++am_pm "";"" ++ ++% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" ++date_fmt "" ++END LC_TIME ++ ++LC_MESSAGES ++% This is the POSIX Locale definition for ++% the LC_NUMERIC category. ++% ++yesexpr "" ++noexpr "" ++yesstr "" ++nostr "" ++END LC_MESSAGES ++ ++LC_PAPER ++% This is the ISO/IEC 14652 "i18n" definition for ++% the LC_PAPER category. ++% (A4 paper, this is also used in the built in C/POSIX ++% locale in glibc/locale/C-paper.c) ++height 297 ++width 210 ++END LC_PAPER ++ ++LC_NAME ++% This is the ISO/IEC 14652 "i18n" definition for ++% the LC_NAME category. ++% "%p%t%g%t%m%t%f" ++% (also used in the built in C/POSIX locale in glibc/locale/C-name.c) ++name_fmt "/ ++" ++END LC_NAME ++ ++LC_ADDRESS ++% This is the ISO/IEC 14652 "i18n" definition for ++% the LC_ADDRESS category. ++% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N" ++% (also used in the built in C/POSIX locale in glibc/locale/C-address.c) ++postal_fmt "/ ++/ ++/ ++/ ++" ++END LC_ADDRESS ++ ++LC_TELEPHONE ++% This is the ISO/IEC 14652 "i18n" definition for ++% the LC_TELEPHONE category. ++% "+%c %a %l" ++tel_int_fmt "/ ++" ++% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c) ++END LC_TELEPHONE ++ ++LC_MEASUREMENT ++% This is the ISO/IEC 14652 "i18n" definition for ++% the LC_MEASUREMENT category. ++% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c) ++%metric ++measurement 1 ++END LC_MEASUREMENT ++ +-- +2.4.3 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gshadow-handle-erange.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gshadow-handle-erange.patch new file mode 100644 index 0000000000..d223e9f088 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gshadow-handle-erange.patch @@ -0,0 +1,114 @@ +From 74250a7cdf106d4ca7d9506e6d5dc7c448dc3434 Mon Sep 17 00:00:00 2001 +From: David Michael +Date: Thu, 15 Dec 2016 15:22:57 -0800 +Subject: [PATCH] gshadow: Sync fgetsgent_r.c with grp/fgetgrent_r.c + + [BZ #20338] + * gshadow/fgetsgent_r.c: Include . + (flockfile): New macro. + (funlockfile): Likewise. + (__fgetsgent_r): Sync with __fgetgrent_r. + * nss/nss_files/files-sgrp.c: Fix "fgetsgent_r.c" typo. +--- + gshadow/fgetsgent_r.c | 35 ++++++++++++++++++++++++----------- + nss/nss_files/files-sgrp.c | 2 +- + 2 files changed, 25 insertions(+), 12 deletions(-) + +diff --git a/gshadow/fgetsgent_r.c b/gshadow/fgetsgent_r.c +index b70f6fa..02cd33a 100644 +--- a/gshadow/fgetsgent_r.c ++++ b/gshadow/fgetsgent_r.c +@@ -20,39 +20,44 @@ + #include + #include + ++#include ++#define flockfile(s) _IO_flockfile (s) ++#define funlockfile(s) _IO_funlockfile (s) ++ + /* Define a line parsing function using the common code + used in the nss_files module. */ + + #define STRUCTURE sgrp + #define ENTNAME sgent +-#define EXTERN_PARSER 1 ++#define EXTERN_PARSER 1 + struct sgent_data {}; + + #include + + +-/* Read one shadow entry from the given stream. */ ++/* Read one entry from the given stream. */ + int + __fgetsgent_r (FILE *stream, struct sgrp *resbuf, char *buffer, size_t buflen, + struct sgrp **result) + { + char *p; ++ int parse_result; + +- _IO_flockfile (stream); ++ flockfile (stream); + do + { + buffer[buflen - 1] = '\xff'; + p = fgets_unlocked (buffer, buflen, stream); +- if (p == NULL && feof_unlocked (stream)) ++ if (__builtin_expect (p == NULL, 0) && feof_unlocked (stream)) + { +- _IO_funlockfile (stream); ++ funlockfile (stream); + *result = NULL; + __set_errno (ENOENT); + return errno; + } +- if (p == NULL || buffer[buflen - 1] != '\xff') ++ if (__builtin_expect (p == NULL, 0) || buffer[buflen - 1] != '\xff') + { +- _IO_funlockfile (stream); ++ funlockfile (stream); + *result = NULL; + __set_errno (ERANGE); + return errno; +@@ -61,13 +66,21 @@ __fgetsgent_r (FILE *stream, struct sgrp *resbuf, char *buffer, size_t buflen, + /* Skip leading blanks. */ + while (isspace (*p)) + ++p; +- } while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ ++ } while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */ + /* Parse the line. If it is invalid, loop to + get the next line of the file to parse. */ +- ! parse_line (buffer, (void *) resbuf, (void *) buffer, buflen, +- &errno)); ++ || ! (parse_result = parse_line (p, resbuf, ++ (void *) buffer, buflen, ++ &errno))); ++ ++ funlockfile (stream); + +- _IO_funlockfile (stream); ++ if (__builtin_expect (parse_result, 0) == -1) ++ { ++ /* The parser ran out of space. */ ++ *result = NULL; ++ return errno; ++ } + + *result = resbuf; + return 0; +diff --git a/nss/nss_files/files-sgrp.c b/nss/nss_files/files-sgrp.c +index 15dc659..05c3805 100644 +--- a/nss/nss_files/files-sgrp.c ++++ b/nss/nss_files/files-sgrp.c +@@ -23,7 +23,7 @@ + #define DATABASE "gshadow" + struct sgent_data {}; + +-/* Our parser function is already defined in sgetspent_r.c, so use that ++/* Our parser function is already defined in sgetsgent_r.c, so use that + to parse lines from the database file. */ + #define EXTERN_PARSER + #include "files-parse.c" +-- +2.7.4 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles new file mode 100644 index 0000000000..0cf43dcb7a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles @@ -0,0 +1,2 @@ +L /etc/nscd.conf - - - - ../usr/share/baselayout/nscd.conf +d /var/db/nscd - - - - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild index 45c7b45921..06aa5cd152 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild @@ -125,6 +125,9 @@ src_prepare() { cd "${S}" epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + ## COREOS: Apply features and fixes missing from the Gentoo patch set. + epatch "${FILESDIR}"/${PV}/${P}-gshadow-handle-erange.patch + epatch "${FILESDIR}"/${PV}/${P}-c-utf8-locale.patch if use hardened ; then # We don't enable these for non-hardened as the output is very terse -- @@ -151,3 +154,28 @@ src_prepare() { ;; esac } + +## COREOS: Redefine some eclass-provided functions for local changes. + +# For reference, this function has been modified to do: +# - Config files are installed by baselayout, not glibc. +# - Install nscd/systemd stuff in /usr. +src_install() { + toolchain-glibc_src_install "$@" + + # Use tmpfiles to put nscd.conf in /etc and create directories. + insinto /usr/share/baselayout + if ! in_iuse nscd || use nscd ; then + doins "${S}"/nscd/nscd.conf || die + systemd_newtmpfilesd "${FILESDIR}"/nscd-conf.tmpfiles nscd-conf.conf || die + fi + + # Clean out any default configs. + rm -rf "${ED}"/etc + + # Restore this one for the SDK. + test ! -e "${T}"/00glibc || doenvd "${T}"/00glibc +} + +# Ignore /dev/pts settings, since the chroot has no control over them. +check_devpts() { : ; } From 31718996a0e66f3ea9585676b9f9c84a712b4a52 Mon Sep 17 00:00:00 2001 From: David Michael Date: Wed, 4 Apr 2018 14:45:55 -0400 Subject: [PATCH 3/8] sys-libs/glibc: Work around old profiles This should allow the toolchains bootstrap step to succeed without requiring a profiles sync as part of the upgrade. --- .../coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild index 06aa5cd152..2bbe170673 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild @@ -34,6 +34,9 @@ GLIBC_PATCH_EXCLUDE+=" 0005_all_sys-types.h-drop-sys-sysmacros.h-include.patch" IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla headers-only" +# Drop this after updating profiles. +IUSE+=" crosscompile_opts_headers-only" + # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries # CHOST - machine that will host the binaries From f1286ee37bc2e4e9b90d354f881e9722b73c96f5 Mon Sep 17 00:00:00 2001 From: David Michael Date: Wed, 4 Apr 2018 14:45:55 -0400 Subject: [PATCH 4/8] sys-libs/glibc: Work around usrmerge problems Portage will blindly clobber like-named files when extracting /lib and /usr/lib if they are symlinked together on the host. In this case, it extracts a symlink that points to itself, so this changes it to move the library into /usr for the boards. Checks in portage and the ChromeOS scripts prevent any straightforward copying or linking. --- .../sys-libs/glibc/glibc-2.25-r11.ebuild | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild index 2bbe170673..1c80ea228f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild @@ -166,6 +166,16 @@ src_prepare() { src_install() { toolchain-glibc_src_install "$@" + # Work around #627378 on the boards. + if [[ ${ROOT:-/} =~ ^/build/ ]] ; then + local libm=("${ED}"/usr/lib*/libm-${PV}.so) + libm="${libm[0]:${#ED}}" + if [ -h "${ED}$libm" ] ; then + rm -f "${ED}$libm" + mv "${ED}${libm#/usr}" "${ED}$libm" + fi + fi + # Use tmpfiles to put nscd.conf in /etc and create directories. insinto /usr/share/baselayout if ! in_iuse nscd || use nscd ; then From f335891a59a8f39376987153db8a39da8bc0d496 Mon Sep 17 00:00:00 2001 From: David Michael Date: Mon, 9 Apr 2018 12:58:31 -0400 Subject: [PATCH 5/8] profiles: Drop obsolete curl references --- .../profiles/coreos/arm64/package.accept_keywords | 1 - .../profiles/coreos/base/package.accept_keywords | 3 --- 2 files changed, 4 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index 49f9726a51..305dacc3cc 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -35,7 +35,6 @@ =net-libs/libnftnl-1.0.6 ** =net-libs/serf-1.3.8-r1 ~arm64 =net-misc/bridge-utils-1.5 ~arm64 -=net-misc/curl-7.57.0 ~arm64 =net-misc/iperf-3.1.3 ** =net-misc/socat-1.7.3.2 ~arm64 =net-misc/wget-1.19.1-r2 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 88f9c8c8c7..ebe5d30135 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -48,9 +48,6 @@ dev-util/checkbashisms # All versions are ~amd64 and not enabled on arm64 =sys-apps/nvme-cli-1.1 ** -# https://curl.haxx.se/docs/adv_20170419.html -=net-misc/curl-7.54.0 ** - # CVE-2017-8779 =net-nds/rpcbind-0.2.4-r1 From ded9237668694a7ff60da871de1775a3871a927f Mon Sep 17 00:00:00 2001 From: David Michael Date: Mon, 9 Apr 2018 13:14:35 -0400 Subject: [PATCH 6/8] app-emulation/qemu: Sync with current upstream stable The only CoreOS changes are to add the vpc patch, change edk2-ovmf to edk2, disable pin-upstream-blobs, and stabilize arm64. --- .../app-emulation/qemu/Manifest | 3 +- .../qemu/files/qemu-2.11.0-glibc-2.27.patch | 54 ++++++ .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch | 174 ------------------ .../qemu/files/qemu-2.9.0-CVE-2017-8112.patch | 22 --- .../qemu/files/qemu-2.9.0-CVE-2017-8309.patch | 22 --- .../qemu/files/qemu-2.9.0-CVE-2017-8379.patch | 76 -------- .../qemu/files/qemu-2.9.0-CVE-2017-8380.patch | 34 ---- .../app-emulation/qemu/metadata.xml | 1 + ...-2.9.0-r2.ebuild => qemu-2.11.1-r2.ebuild} | 119 ++++++++---- 9 files changed, 145 insertions(+), 360 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch rename sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/{qemu-2.9.0-r2.ebuild => qemu-2.11.1-r2.ebuild} (86%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest index fb4bf04409..7644627f1c 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest @@ -1 +1,2 @@ -DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1 +DIST qemu-2.11.1-patches-r1.tar.xz 2064 SHA256 08b198d69a14fe852b86c00fbab24832223046407dd170be6d862571e8582536 SHA512 12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a WHIRLPOOL 91da9ad3278ac130baacf57627a6a4535baef87b480a5321fd049815f2defd9c5ed0ce8bcef1d28e0c7075cc4ea7329decf57d22404915857b3aed319f59f92d +DIST qemu-2.11.1.tar.bz2 32819412 SHA256 d9df2213ceed32e91dab7bc9dd19c1af83f91ba72c7aeef7605dfaaf81732ccb SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354 WHIRLPOOL 2de03a00ab3fba1fe2ca8cd11a0948aede5db567a00a2213bf27517501de6fee04e8bd5443dd0af6aed554e20d8371cd4e69b142cb87e7a30abbf16e8aceab06 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch new file mode 100644 index 0000000000..1562bb3c64 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch @@ -0,0 +1,54 @@ +From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 28 Nov 2017 11:51:27 +0100 +Subject: [PATCH] memfd: fix configure test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Recent glibc added memfd_create in sys/mman.h. This conflicts with +the definition in util/memfd.c: + + /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration + +Fix the configure test, and remove the sys/memfd.h inclusion since the +file actually does not exist---it is a typo in the memfd_create(2) man +page. + +Cc: Marc-André Lureau +Signed-off-by: Paolo Bonzini +--- + configure | 2 +- + util/memfd.c | 4 +--- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/configure b/configure +index 9c8aa5a98b..99ccc1725a 100755 +--- a/configure ++++ b/configure +@@ -3923,7 +3923,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include ++#include + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1aba8..412e94a405 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include + #include + +-- +2.11.0 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch deleted file mode 100644 index 346e7713f7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001 -From: Greg Kurz -Date: Fri, 5 May 2017 14:48:08 +0200 -Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493) - -When using the mapped-file security mode, we shouldn't let the client mess -with the metadata. The current code already tries to hide the metadata dir -from the client by skipping it in local_readdir(). But the client can still -access or modify it through several other operations. This can be used to -escalate privileges in the guest. - -Affected backend operations are: -- local_mknod() -- local_mkdir() -- local_open2() -- local_symlink() -- local_link() -- local_unlinkat() -- local_renameat() -- local_rename() -- local_name_to_path() - -Other operations are safe because they are only passed a fid path, which -is computed internally in local_name_to_path(). - -This patch converts all the functions listed above to fail and return -EINVAL when being passed the name of the metadata dir. This may look -like a poor choice for errno, but there's no such thing as an illegal -path name on Linux and I could not think of anything better. - -This fixes CVE-2017-7493. - -Reported-by: Leo Gaspard -Signed-off-by: Greg Kurz -Reviewed-by: Eric Blake ---- - hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 56 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c -index f3ebca4f7a..a2486566af 100644 ---- a/hw/9pfs/9p-local.c -+++ b/hw/9pfs/9p-local.c -@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs) - return telldir(fs->dir.stream); - } - -+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name) -+{ -+ return !strcmp(name, VIRTFS_META_DIR); -+} -+ - static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs) - { - struct dirent *entry; -@@ -465,8 +470,8 @@ again: - if (ctx->export_flags & V9FS_SM_MAPPED) { - entry->d_type = DT_UNKNOWN; - } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) { -- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) { -- /* skp the meta data directory */ -+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) { -+ /* skip the meta data directory */ - goto again; - } - entry->d_type = DT_UNKNOWN; -@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - /* - * Mark all the open to not follow symlinks - */ -@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath, - int ret = -1; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, odirpath); - if (odirfd == -1) { - goto out; -@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path, - static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, - const char *name, V9fsPath *target) - { -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - if (dir_path) { - v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); - } else if (strcmp(name, "/")) { -@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir, - int ret; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ (local_is_mapped_file_metadata(ctx, old_name) || -+ local_is_mapped_file_metadata(ctx, new_name))) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, olddir->data); - if (odirfd == -1) { - return -1; -@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir, - int ret; - int dirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(ctx, dir->data); - if (dirfd == -1) { - return -1; --- -2.13.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch deleted file mode 100644 index 31fb69bf89..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch +++ /dev/null @@ -1,22 +0,0 @@ -CVE-2017-8112 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html ---- - hw/scsi/vmw_pvscsi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c -index 7557546..4a106da 100644 ---- a/hw/scsi/vmw_pvscsi.c -+++ b/hw/scsi/vmw_pvscsi.c -@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri) - uint32_t len_log2; - uint32_t ring_size; - -- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { -+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { - return -1; - } - ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE; --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch deleted file mode 100644 index 4f7f870210..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch +++ /dev/null @@ -1,22 +0,0 @@ -bug #616870 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html ---- - audio/audio.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/audio/audio.c b/audio/audio.c -index c8898d8422..beafed209b 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) - sw = sw1; - } - QLIST_REMOVE (cap, entries); -+ g_free (cap->hw.mix_buf); -+ g_free (cap->buf); - g_free (cap); - } - return; --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch deleted file mode 100644 index 0a34dae671..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch +++ /dev/null @@ -1,76 +0,0 @@ -bug #616872 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html ---- - ui/input.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/ui/input.c b/ui/input.c -index ed88cda6d6..fb1f404095 100644 ---- a/ui/input.c -+++ b/ui/input.c -@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue = - QTAILQ_HEAD_INITIALIZER(kbd_queue); - static QEMUTimer *kbd_timer; - static uint32_t kbd_default_delay_ms = 10; -+static uint32_t queue_count; -+static uint32_t queue_limit = 1024; - - QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, - QemuInputHandler *handler) -@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque) - break; - } - QTAILQ_REMOVE(queue, item, node); -+ queue_count--; - g_free(item); - } - } -@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue, - item->delay_ms = delay_ms; - item->timer = timer; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - - if (start_timer) { - timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) -@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue, - item->src = src; - item->evt = evt; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) -@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) - - item->type = QEMU_INPUT_QUEUE_SYNC; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt) -@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down) - qemu_input_event_send(src, evt); - qemu_input_event_sync(); - qapi_free_InputEvent(evt); -- } else { -+ } else if (queue_count < queue_limit) { - qemu_input_queue_event(&kbd_queue, src, evt); - qemu_input_queue_sync(&kbd_queue); - } -@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms) - kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process, - &kbd_queue); - } -- qemu_input_queue_delay(&kbd_queue, kbd_timer, -- delay_ms ? delay_ms : kbd_default_delay_ms); -+ if (queue_count < queue_limit) { -+ qemu_input_queue_delay(&kbd_queue, kbd_timer, -+ delay_ms ? delay_ms : kbd_default_delay_ms); -+ } - } - - InputEvent *qemu_input_event_new_btn(InputButton btn, bool down) --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch deleted file mode 100644 index 08911dd0bf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch +++ /dev/null @@ -1,34 +0,0 @@ -bug #616874 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html ---- - hw/scsi/megasas.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index 84b8caf..804122a 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr, - case MFI_SEQ: - trace_megasas_mmio_writel("MFI_SEQ", val); - /* Magic sequence to start ADP reset */ -- if (adp_reset_seq[s->adp_reset] == val) { -- s->adp_reset++; -+ if (adp_reset_seq[s->adp_reset++] == val) { -+ if (s->adp_reset == 6) { -+ s->adp_reset = 0; -+ s->diag = MFI_DIAG_WRITE_ENABLE; -+ } - } else { - s->adp_reset = 0; - s->diag = 0; - } -- if (s->adp_reset == 6) { -- s->diag = MFI_DIAG_WRITE_ENABLE; -- } - break; - case MFI_DIAG: - trace_megasas_mmio_writel("MFI_DIAG", val); --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml index 3fe0408cc4..61c159a658 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml @@ -9,6 +9,7 @@ Adds support for braille displays using brltty Enables support for Linux's Async IO Enable alsa output for sound emulation + Enable disassembly support with dev-libs/capstone Support ISOs / -cdrom directives vis HTTP or HTTPS. Enables firmware device tree support Enables GlusterFS cluster fileystem via diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild similarity index 86% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild index 3bcf97ea40..766846a3be 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI="6" @@ -8,6 +8,8 @@ PYTHON_REQ_USE="ncurses,readline" PLOCALES="bg de_DE fr_FR hu it tr zh_CN" +FIRMWARE_ABI_VERSION="2.9.0-r52" + inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ user udev fcaps readme.gentoo-r1 pax-utils l10n @@ -18,6 +20,9 @@ if [[ ${PV} = *9999* ]]; then else SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" KEYWORDS="amd64 arm64 ~ppc ~ppc64 x86 ~x86-fbsd" + + # Gentoo specific patchsets: + SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz" fi DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" @@ -27,7 +32,7 @@ LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png + kernel_FreeBSD lzo ncurses nfs nls numa opengl pin-upstream-blobs +png pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-user systemtap tci test usb usbredir vde +vhost-net virgl virtfs +vnc vte xattr xen xfs" @@ -54,7 +59,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} qemu_softmmu_targets_ppc? ( fdt ) qemu_softmmu_targets_ppc64? ( fdt ) sdl2? ( sdl ) - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) + static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio !snappy ) virtfs? ( xattr ) vte? ( gtk )" @@ -87,7 +92,7 @@ SOFTMMU_TOOLS_DEPEND=" bzip2? ( app-arch/bzip2[static-libs(+)] ) caps? ( sys-libs/libcap-ng[static-libs(+)] ) curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) + fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) gnutls? ( dev-libs/nettle:=[static-libs(+)] @@ -111,7 +116,7 @@ SOFTMMU_TOOLS_DEPEND=" sys-libs/ncurses:0=[unicode] sys-libs/ncurses:0=[static-libs(+)] ) - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] ) numa? ( sys-process/numactl[static-libs(+)] ) opengl? ( virtual/opengl @@ -135,7 +140,7 @@ SOFTMMU_TOOLS_DEPEND=" ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) - snappy? ( app-arch/snappy[static-libs(+)] ) + snappy? ( app-arch/snappy:= ) spice? ( >=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-0.12.0[static-libs(+)] @@ -150,17 +155,26 @@ SOFTMMU_TOOLS_DEPEND=" xfs? ( sys-fs/xfsprogs[static-libs(+)] )" X86_FIRMWARE_DEPEND=" - >=sys-firmware/ipxe-1.0.0_p20130624 pin-upstream-blobs? ( - ~sys-firmware/seabios-1.10.1 + ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] + ~sys-firmware/ipxe-1.0.0_p20160620 + ~sys-firmware/seabios-1.10.2[binary,seavgabios] ~sys-firmware/sgabios-0.1_pre8 - ~sys-firmware/vgabios-0.7a ) !pin-upstream-blobs? ( - sys-firmware/seabios + sys-firmware/edk2 + sys-firmware/ipxe + >=sys-firmware/seabios-1.10.2[seavgabios] sys-firmware/sgabios - sys-firmware/vgabios )" +PPC64_FIRMWARE_DEPEND=" + pin-upstream-blobs? ( + ~sys-firmware/seabios-1.10.2[binary,seavgabios] + ) + !pin-upstream-blobs? ( + >=sys-firmware/seabios-1.10.2[seavgabios] + ) +" CDEPEND=" !static? ( @@ -168,7 +182,9 @@ CDEPEND=" ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} ) qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} ) +" DEPEND="${CDEPEND} dev-lang/perl =dev-lang/python-2* @@ -191,11 +207,8 @@ RDEPEND="${CDEPEND} PATCHES=( "${FILESDIR}"/${PN}-2.5.0-cflags.patch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 + "${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch + "${WORKDIR}"/patches # fix for vpc creation in qemu-img "${FILESDIR}"/0001-block-fix-vpc-max_table_entries-computation.patch @@ -209,6 +222,7 @@ QA_PREBUILT=" usr/share/qemu/openbios-sparc32 usr/share/qemu/palcode-clipper usr/share/qemu/s390-ccw.img + usr/share/qemu/s390-netboot.img usr/share/qemu/u-boot.e500" QA_WX_LOAD="usr/bin/qemu-i386 @@ -278,7 +292,11 @@ pkg_pretend() { ERROR_VHOST_NET+=" support" if use amd64 || use x86 || use amd64-linux || use x86-linux; then - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" + if grep -q AuthenticAMD /proc/cpuinfo; then + CONFIG_CHECK+=" ~KVM_AMD" + elif grep -q GenuineIntel /proc/cpuinfo; then + CONFIG_CHECK+=" ~KVM_INTEL" + fi fi use python && CONFIG_CHECK+=" ~DEBUG_FS" @@ -364,6 +382,9 @@ src_prepare() { # Run after we've applied all patches. handle_locales + + # Remove bundled copy of libfdt + rm -r dtc || die } ## @@ -483,7 +504,6 @@ qemu_src_configure() { --disable-linux-user --enable-system --disable-tools - --with-system-pixman ) local static_flag="static" ;; @@ -513,6 +533,9 @@ qemu_src_configure() { tc-enables-pie && conf_opts+=( --enable-pie ) fi + #bug #647570 + conf_opts+=( --disable-capstone ) + echo "../configure ${conf_opts[*]}" cd "${builddir}" ../configure "${conf_opts[@]}" || die "configure failed" @@ -681,27 +704,31 @@ src_install() { cd "${S}" dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt newdoc pc-bios/README README.pc-bios - dodoc docs/qmp-*.txt if [[ -n ${softmmu_targets} ]]; then # Remove SeaBIOS since we're using the SeaBIOS packaged one rm "${ED}/usr/share/qemu/bios.bin" + rm "${ED}/usr/share/qemu/bios-256k.bin" if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin fi - # Remove vgabios since we're using the vgabios packaged one + # Remove vgabios since we're using the seavgabios packaged one rm "${ED}/usr/share/qemu/vgabios.bin" rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" rm "${ED}/usr/share/qemu/vgabios-qxl.bin" rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-virtio.bin" rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + # PPC64 loads vgabios-stdvga + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then + dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin + dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin + dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin fi # Remove sgabios since we're using the sgabios packaged one @@ -726,20 +753,50 @@ src_install() { readme.gentoo_create_doc } -pkg_postinst() { - DISABLE_AUTOFORMATTING=true - readme.gentoo_print_elog +firmware_abi_change() { + local pv + for pv in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then + return 0 + fi + done + return 1 +} +pkg_postinst() { if [[ -n ${softmmu_targets} ]] && use kernel_linux; then udev_reload fi fcaps cap_net_admin /usr/libexec/qemu-bridge-helper + + DISABLE_AUTOFORMATTING=true + readme.gentoo_print_elog + + if use pin-upstream-blobs && firmware_abi_change; then + ewarn "This version of qemu pins new versions of firmware blobs:" + ewarn " $(best_version sys-firmware/edk2-ovmf)" + ewarn " $(best_version sys-firmware/ipxe)" + ewarn " $(best_version sys-firmware/seabios)" + ewarn " $(best_version sys-firmware/sgabios)" + ewarn "This might break resume of hibernated guests (started with a different" + ewarn "firmware version) and live migration to/from qemu versions with different" + ewarn "firmware. Please (cold) restart all running guests. For functional" + ewarn "guest migration ensure that all" + ewarn "hosts run at least" + ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." + fi } pkg_info() { echo "Using:" echo " $(best_version app-emulation/spice-protocol)" + echo " $(best_version sys-firmware/edk2-ovmf)" + if has_version 'sys-firmware/edk2-ovmf[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi echo " $(best_version sys-firmware/ipxe)" echo " $(best_version sys-firmware/seabios)" if has_version 'sys-firmware/seabios[binary]'; then @@ -747,5 +804,5 @@ pkg_info() { else echo " USE=''" fi - echo " $(best_version sys-firmware/vgabios)" + echo " $(best_version sys-firmware/sgabios)" } From d049506848b9208a1add0a50f10e92612eaf9e74 Mon Sep 17 00:00:00 2001 From: David Michael Date: Mon, 9 Apr 2018 18:16:25 -0400 Subject: [PATCH 7/8] sys-firmware/edk2: Drop the QEMU dependency It doesn't appear to be used, and it results in a dep loop. --- .../edk2/{edk2-2017.06-r1.ebuild => edk2-2017.06-r2.ebuild} | 0 .../coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild | 4 +--- 2 files changed, 1 insertion(+), 3 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/{edk2-2017.06-r1.ebuild => edk2-2017.06-r2.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r2.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r2.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild index 2a2236d6b1..0fed3aeb11 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild @@ -37,9 +37,7 @@ DEPEND=" RDEPEND=" !sys-firmware/edk2-armvirt !sys-firmware/edk2-ovmf - amd64? ( - qemu? ( app-emulation/qemu ) - )" + " src_unpack() { [[ ${EGIT_REPO_URI} ]] && git-r3_src_unpack From 22bbbb7812392f555ba1c55c6fec938ff9db85e5 Mon Sep 17 00:00:00 2001 From: David Michael Date: Tue, 10 Apr 2018 12:04:28 -0400 Subject: [PATCH 8/8] app-portage/gentoolkit: Move back to portage-stable --- .../app-portage/gentoolkit/Manifest | 1 - .../files/0.3.2-fix-int-coercion.patch | 25 ------ .../files/0.3.2-helpers.py-589686.patch | 30 -------- .../gentoolkit/gentoolkit-0.3.2-r1.ebuild | 76 ------------------- .../app-portage/gentoolkit/metadata.xml | 14 ---- .../md5-cache/app-portage/gentoolkit-0.3.2-r1 | 14 ---- 6 files changed, 160 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml delete mode 100644 sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest deleted file mode 100644 index 07da4f2253..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST gentoolkit-0.3.2.tar.gz 3198294 SHA256 f3bb38d663c1b153447556b5265df5a11b6ed78411e761335b692111c823d9dd SHA512 e174ac7f12d45703515876ea558a661e1d0c5d4cc71d2d64ee793786e2a2d3d2b309500b6e1891774e3415de74922efc77553c0103d695f5dda91def9a6ac637 WHIRLPOOL 67192702f72f437cc31aeeef8bf005c83a4a9322e9fa0de3c1e0d229bfb95d7363f14a8902da5ffbf49dee45cd587286899ea1ead017cd7d18d0f852cc7fd9fb diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch deleted file mode 100644 index 204748a64d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e07c6f2ea4963e6f9cdf6ee5eceaaf6f30319eda Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Tue, 17 Jan 2017 13:20:43 -0800 -Subject: [PATCH] gentoolkit/glsa: Fix AttributeError from int coercion - ---- - pym/gentoolkit/glsa/__init__.py | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/pym/gentoolkit/glsa/__init__.py b/pym/gentoolkit/glsa/__init__.py -index ba1eed7..0ed539e 100644 ---- a/pym/gentoolkit/glsa/__init__.py -+++ b/pym/gentoolkit/glsa/__init__.py -@@ -567,6 +567,8 @@ class Glsa: - (self.revised, count) = self.revised.split(":") - else: - count = 1 -+ else: -+ count = count.value - - self.revised = format_date(self.revised) - --- -2.7.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch deleted file mode 100644 index 282846c472..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch +++ /dev/null @@ -1,30 +0,0 @@ -From bc92540f8ce498e8305103619c7085b670ba19b1 Mon Sep 17 00:00:00 2001 -From: Paul Varner -Date: Mon, 25 Jul 2016 13:01:06 -0500 -Subject: Add missing import of io.open when using python2.7 - -This fixes the traceback when running equery changes with Python 2.7 - -X-Gentoo-bug: 589686 -X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=589686 ---- - pym/gentoolkit/helpers.py | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/pym/gentoolkit/helpers.py b/pym/gentoolkit/helpers.py -index 0d985b6..8d25393 100644 ---- a/pym/gentoolkit/helpers.py -+++ b/pym/gentoolkit/helpers.py -@@ -26,6 +26,9 @@ __docformat__ = 'epytext' - # ======= - - import os -+import sys -+if sys.hexversion < 0x3000000: -+ from io import open - import re - from functools import partial - from itertools import chain --- -cgit v0.12 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild deleted file mode 100644 index 96b5c11286..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="6" - -PYTHON_COMPAT=(python{2_7,3_4,3_5} pypy) -PYTHON_REQ_USE="xml(+),threads(+)" - -inherit distutils-r1 - -DESCRIPTION="Collection of administration scripts for Gentoo" -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Portage-Tools" -SRC_URI="http://dev.gentoo.org/~dolsen/releases/gentoolkit/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -IUSE="" - -KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" - -DEPEND="sys-apps/portage[${PYTHON_USEDEP}]" -RDEPEND="${DEPEND} - !<=app-portage/gentoolkit-dev-0.2.7 - sys-apps/gawk - sys-apps/gentoo-functions" - -PATCHES=( - "${FILESDIR}"/${PV}-helpers.py-589686.patch - "${FILESDIR}"/${PV}-fix-int-coercion.patch -) - -python_prepare_all() { - python_setup - echo VERSION="${PVR}" "${PYTHON}" setup.py set_version - VERSION="${PVR}" "${PYTHON}" setup.py set_version - distutils-r1_python_prepare_all -} - -python_install_all() { - distutils-r1_python_install_all - - # remove on Gentoo Prefix platforms where it's broken anyway - if use prefix; then - elog "The revdep-rebuild command is removed, the preserve-libs" - elog "feature of portage will handle issues." - rm "${ED}"/usr/bin/revdep-rebuild* - rm "${ED}"/usr/share/man/man1/revdep-rebuild.1 - rm -rf "${ED}"/etc/revdep-rebuild - rm -rf "${ED}"/var - fi -} - -pkg_postinst() { - # Create cache directory for revdep-rebuild - mkdir -p -m 0755 "${EROOT%/}"/var/cache - mkdir -p -m 0700 "${EROOT%/}"/var/cache/revdep-rebuild - - # Only show the elog information on a new install - if [[ ! ${REPLACING_VERSIONS} ]]; then - elog - elog "For further information on gentoolkit, please read the gentoolkit" - elog "guide: https://wiki.gentoo.org/wiki/Gentoolkit" - elog - elog "Another alternative to equery is app-portage/portage-utils" - elog - elog "Additional tools that may be of interest:" - elog - elog " app-admin/eclean-kernel" - elog " app-portage/diffmask" - elog " app-portage/flaggie" - elog " app-portage/install-mask" - elog " app-portage/portpeek" - elog " app-portage/smart-live-rebuild" - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml deleted file mode 100644 index 011e78ec74..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - tools-portage@gentoo.org - Gentoo Portage tools team - - -Gentoolkit is a collection of useful adminstration scripts particular to -the Gentoo Linux distribution. It contains rough drafts and -implementations of features that may in time make it into Portage, or -into full-fledged tools in their own right. - - diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 deleted file mode 100644 index 4effa10822..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 +++ /dev/null @@ -1,14 +0,0 @@ -DEFINED_PHASES=compile configure install postinst prepare test -DEPEND=sys-apps/portage[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] python_targets_pypy? ( >=virtual/pypy-5:0=[xml(+),threads(+)] ) python_targets_python2_7? ( >=dev-lang/python-2.7.5-r2:2.7[xml(+),threads(+)] ) python_targets_python3_4? ( dev-lang/python:3.4[xml(+),threads(+)] ) python_targets_python3_5? ( dev-lang/python:3.5[xml(+),threads(+)] ) >=dev-lang/python-exec-2:=[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] -DESCRIPTION=Collection of administration scripts for Gentoo -EAPI=6 -HOMEPAGE=https://wiki.gentoo.org/wiki/Project:Portage-Tools -IUSE=python_targets_pypy python_targets_python2_7 python_targets_python3_4 python_targets_python3_5 -KEYWORDS=alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris -LICENSE=GPL-2 -RDEPEND=sys-apps/portage[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] !<=app-portage/gentoolkit-dev-0.2.7 sys-apps/gawk sys-apps/gentoo-functions python_targets_pypy? ( >=virtual/pypy-5:0=[xml(+),threads(+)] ) python_targets_python2_7? ( >=dev-lang/python-2.7.5-r2:2.7[xml(+),threads(+)] ) python_targets_python3_4? ( dev-lang/python:3.4[xml(+),threads(+)] ) python_targets_python3_5? ( dev-lang/python:3.5[xml(+),threads(+)] ) >=dev-lang/python-exec-2:=[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] -REQUIRED_USE=|| ( python_targets_pypy python_targets_python2_7 python_targets_python3_4 python_targets_python3_5 ) -SLOT=0 -SRC_URI=http://dev.gentoo.org/~dolsen/releases/gentoolkit/gentoolkit-0.3.2.tar.gz -_eclasses_=distutils-r1 372bbe39047c0a2550319a3a82f3e063 multibuild 72647e255187a1fadc81097b3657e5c3 multilib 97f470f374f2e94ccab04a2fb21d811e multiprocessing 6f5991c7101863d0b29df63990ad852e python-r1 e9350ec46bb5c9f3504b4fbe8b8d8987 python-utils-r1 c9de01becf9df3f8c10aeec3dc693f5d toolchain-funcs 185a06792159ca143528e7010368e8af xdg-utils f2c8335407f0b935b0a96d4adf23ef25 -_md5_=14632264c91528bd0437c56ad47d3466