mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-21 06:21:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3161 from dm0-/glibc

Browse Source 
Upgrade glibc to 2.25
This commit is contained in:
David Michael 2018-04-11 00:07:04 -04:00 committed by GitHub
commit cf14f6b5df
50 changed files with 215 additions and 4664 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest vendored
View File

@ -1 +1,2 @@
DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
DIST qemu-2.11.1-patches-r1.tar.xz 2064 SHA256 08b198d69a14fe852b86c00fbab24832223046407dd170be6d862571e8582536 SHA512 12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a WHIRLPOOL 91da9ad3278ac130baacf57627a6a4535baef87b480a5321fd049815f2defd9c5ed0ce8bcef1d28e0c7075cc4ea7329decf57d22404915857b3aed319f59f92d
DIST qemu-2.11.1.tar.bz2 32819412 SHA256 d9df2213ceed32e91dab7bc9dd19c1af83f91ba72c7aeef7605dfaaf81732ccb SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354 WHIRLPOOL 2de03a00ab3fba1fe2ca8cd11a0948aede5db567a00a2213bf27517501de6fee04e8bd5443dd0af6aed554e20d8371cd4e69b142cb87e7a30abbf16e8aceab06

54
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch vendored Normal file
View File

@ -0,0 +1,54 @@
From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 28 Nov 2017 11:51:27 +0100
Subject: [PATCH] memfd: fix configure test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Recent glibc added memfd_create in sys/mman.h. This conflicts with
the definition in util/memfd.c:
/builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
Fix the configure test, and remove the sys/memfd.h inclusion since the
file actually does not exist---it is a typo in the memfd_create(2) man
page.
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
configure | 2 +-
util/memfd.c | 4 +---
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
index 9c8aa5a98b..99ccc1725a 100755
--- a/configure
+++ b/configure
@@ -3923,7 +3923,7 @@ fi
# check if memfd is supported
memfd=no
cat > $TMPC << EOF
-#include <sys/memfd.h>
+#include <sys/mman.h>
int main(void)
{
diff --git a/util/memfd.c b/util/memfd.c
index 4571d1aba8..412e94a405 100644
--- a/util/memfd.c
+++ b/util/memfd.c
@@ -31,9 +31,7 @@
#include "qemu/memfd.h"
-#ifdef CONFIG_MEMFD
-#include <sys/memfd.h>
-#elif defined CONFIG_LINUX
+#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
#include <sys/syscall.h>
#include <asm/unistd.h>
--
2.11.0

174
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch vendored
View File

@ -1,174 +0,0 @@
From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
From: Greg Kurz <groug@kaod.org>
Date: Fri, 5 May 2017 14:48:08 +0200
Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
When using the mapped-file security mode, we shouldn't let the client mess
with the metadata. The current code already tries to hide the metadata dir
from the client by skipping it in local_readdir(). But the client can still
access or modify it through several other operations. This can be used to
escalate privileges in the guest.
Affected backend operations are:
- local_mknod()
- local_mkdir()
- local_open2()
- local_symlink()
- local_link()
- local_unlinkat()
- local_renameat()
- local_rename()
- local_name_to_path()
Other operations are safe because they are only passed a fid path, which
is computed internally in local_name_to_path().
This patch converts all the functions listed above to fail and return
EINVAL when being passed the name of the metadata dir. This may look
like a poor choice for errno, but there's no such thing as an illegal
path name on Linux and I could not think of anything better.
This fixes CVE-2017-7493.
Reported-by: Leo Gaspard <leo@gaspard.io>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 56 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index f3ebca4f7a..a2486566af 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
return telldir(fs->dir.stream);
}
+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
+{
+ return !strcmp(name, VIRTFS_META_DIR);
+}
+
static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
{
struct dirent *entry;
@@ -465,8 +470,8 @@ again:
if (ctx->export_flags & V9FS_SM_MAPPED) {
entry->d_type = DT_UNKNOWN;
} else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
- /* skp the meta data directory */
+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
+ /* skip the meta data directory */
goto again;
}
entry->d_type = DT_UNKNOWN;
@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
/*
* Mark all the open to not follow symlinks
*/
@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
int ret = -1;
int odirfd, ndirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
odirfd = local_opendir_nofollow(ctx, odirpath);
if (odirfd == -1) {
goto out;
@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
const char *name, V9fsPath *target)
{
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (dir_path) {
v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
} else if (strcmp(name, "/")) {
@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
int ret;
int odirfd, ndirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ (local_is_mapped_file_metadata(ctx, old_name) ||
+ local_is_mapped_file_metadata(ctx, new_name))) {
+ errno = EINVAL;
+ return -1;
+ }
+
odirfd = local_opendir_nofollow(ctx, olddir->data);
if (odirfd == -1) {
return -1;
@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
int ret;
int dirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(ctx, dir->data);
if (dirfd == -1) {
return -1;
--
2.13.0

22
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch vendored
View File

@ -1,22 +0,0 @@
CVE-2017-8112
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
---
hw/scsi/vmw_pvscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 7557546..4a106da 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
uint32_t len_log2;
uint32_t ring_size;
- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
return -1;
}
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--
2.9.3

22
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch vendored
View File

@ -1,22 +0,0 @@
bug #616870
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
---
audio/audio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/audio/audio.c b/audio/audio.c
index c8898d8422..beafed209b 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
sw = sw1;
}
QLIST_REMOVE (cap, entries);
+ g_free (cap->hw.mix_buf);
+ g_free (cap->buf);
g_free (cap);
}
return;
--
2.9.3

76
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch vendored
View File

@ -1,76 +0,0 @@
bug #616872
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
---
ui/input.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/ui/input.c b/ui/input.c
index ed88cda6d6..fb1f404095 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
QTAILQ_HEAD_INITIALIZER(kbd_queue);
static QEMUTimer *kbd_timer;
static uint32_t kbd_default_delay_ms = 10;
+static uint32_t queue_count;
+static uint32_t queue_limit = 1024;
QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
QemuInputHandler *handler)
@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
break;
}
QTAILQ_REMOVE(queue, item, node);
+ queue_count--;
g_free(item);
}
}
@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
item->delay_ms = delay_ms;
item->timer = timer;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
if (start_timer) {
timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
item->src = src;
item->evt = evt;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
item->type = QEMU_INPUT_QUEUE_SYNC;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
qemu_input_event_send(src, evt);
qemu_input_event_sync();
qapi_free_InputEvent(evt);
- } else {
+ } else if (queue_count < queue_limit) {
qemu_input_queue_event(&kbd_queue, src, evt);
qemu_input_queue_sync(&kbd_queue);
}
@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
&kbd_queue);
}
- qemu_input_queue_delay(&kbd_queue, kbd_timer,
- delay_ms ? delay_ms : kbd_default_delay_ms);
+ if (queue_count < queue_limit) {
+ qemu_input_queue_delay(&kbd_queue, kbd_timer,
+ delay_ms ? delay_ms : kbd_default_delay_ms);
+ }
}
InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--
2.9.3

34
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch vendored
View File

@ -1,34 +0,0 @@
bug #616874
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
---
hw/scsi/megasas.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 84b8caf..804122a 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
case MFI_SEQ:
trace_megasas_mmio_writel("MFI_SEQ", val);
/* Magic sequence to start ADP reset */
- if (adp_reset_seq[s->adp_reset] == val) {
- s->adp_reset++;
+ if (adp_reset_seq[s->adp_reset++] == val) {
+ if (s->adp_reset == 6) {
+ s->adp_reset = 0;
+ s->diag = MFI_DIAG_WRITE_ENABLE;
+ }
} else {
s->adp_reset = 0;
s->diag = 0;
}
- if (s->adp_reset == 6) {
- s->diag = MFI_DIAG_WRITE_ENABLE;
- }
break;
case MFI_DIAG:
trace_megasas_mmio_writel("MFI_DIAG", val);
--
2.9.3

1
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml vendored
View File

@ -9,6 +9,7 @@
<flag name="accessibility">Adds support for braille displays using brltty</flag>
<flag name="aio">Enables support for Linux's Async IO</flag>
<flag name="alsa">Enable alsa output for sound emulation</flag>
<flag name="capstone">Enable disassembly support with <pkg>dev-libs/capstone</pkg></flag>
<flag name="curl">Support ISOs / -cdrom directives vis HTTP or HTTPS.</flag>
<flag name="fdt">Enables firmware device tree support</flag>
<flag name="glusterfs">Enables GlusterFS cluster fileystem via

119
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild → sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2017 Gentoo Foundation
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
@ -8,6 +8,8 @@ PYTHON_REQ_USE="ncurses,readline"
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
FIRMWARE_ABI_VERSION="2.9.0-r52"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo-r1 pax-utils l10n
@ -18,6 +20,9 @@ if [[ ${PV} = *9999* ]]; then
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
KEYWORDS="amd64 arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
# Gentoo specific patchsets:
SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@ -27,7 +32,7 @@ LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
kernel_FreeBSD lzo ncurses nfs nls numa opengl pin-upstream-blobs +png
pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
spice ssh static static-user systemtap tci test usb usbredir vde
+vhost-net virgl virtfs +vnc vte xattr xen xfs"
@ -54,7 +59,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
sdl2? ( sdl )
static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio !snappy )
virtfs? ( xattr )
vte? ( gtk )"
@ -87,7 +92,7 @@ SOFTMMU_TOOLS_DEPEND="
bzip2? ( app-arch/bzip2[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
gnutls? (
dev-libs/nettle:=[static-libs(+)]
@ -111,7 +116,7 @@ SOFTMMU_TOOLS_DEPEND="
sys-libs/ncurses:0=[unicode]
sys-libs/ncurses:0=[static-libs(+)]
)
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
opengl? (
virtual/opengl
@ -135,7 +140,7 @@ SOFTMMU_TOOLS_DEPEND="
)
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
snappy? ( app-arch/snappy:= )
spice? (
>=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)]
@ -150,17 +155,26 @@ SOFTMMU_TOOLS_DEPEND="
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
~sys-firmware/seabios-1.10.1
~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
~sys-firmware/ipxe-1.0.0_p20160620
~sys-firmware/seabios-1.10.2[binary,seavgabios]
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
!pin-upstream-blobs? (
sys-firmware/seabios
sys-firmware/edk2
sys-firmware/ipxe
>=sys-firmware/seabios-1.10.2[seavgabios]
sys-firmware/sgabios
sys-firmware/vgabios
)"
PPC64_FIRMWARE_DEPEND="
pin-upstream-blobs? (
~sys-firmware/seabios-1.10.2[binary,seavgabios]
)
!pin-upstream-blobs? (
>=sys-firmware/seabios-1.10.2[seavgabios]
)
"
CDEPEND="
!static? (
@ -168,7 +182,9 @@ CDEPEND="
${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
)
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
@ -191,11 +207,8 @@ RDEPEND="${CDEPEND}
PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
"${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch
"${WORKDIR}"/patches
# fix for vpc creation in qemu-img
"${FILESDIR}"/0001-block-fix-vpc-max_table_entries-computation.patch
@ -209,6 +222,7 @@ QA_PREBUILT="
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/s390-netboot.img
usr/share/qemu/u-boot.e500"
QA_WX_LOAD="usr/bin/qemu-i386
@ -278,7 +292,11 @@ pkg_pretend() {
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
if grep -q AuthenticAMD /proc/cpuinfo; then
CONFIG_CHECK+=" ~KVM_AMD"
elif grep -q GenuineIntel /proc/cpuinfo; then
CONFIG_CHECK+=" ~KVM_INTEL"
fi
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
@ -364,6 +382,9 @@ src_prepare() {
# Run after we've applied all patches.
handle_locales
# Remove bundled copy of libfdt
rm -r dtc || die
}
##
@ -483,7 +504,6 @@ qemu_src_configure() {
--disable-linux-user
--enable-system
--disable-tools
--with-system-pixman
)
local static_flag="static"
;;
@ -513,6 +533,9 @@ qemu_src_configure() {
tc-enables-pie && conf_opts+=( --enable-pie )
fi
#bug #647570
conf_opts+=( --disable-capstone )
echo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
@ -681,27 +704,31 @@ src_install() {
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp-*.txt
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
rm "${ED}/usr/share/qemu/bios-256k.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
fi
# Remove vgabios since we're using the vgabios packaged one
# Remove vgabios since we're using the seavgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
# PPC64 loads vgabios-stdvga
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
@ -726,20 +753,50 @@ src_install() {
readme.gentoo_create_doc
}
pkg_postinst() {
DISABLE_AUTOFORMATTING=true
readme.gentoo_print_elog
firmware_abi_change() {
local pv
for pv in ${REPLACING_VERSIONS}; do
if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
return 0
fi
done
return 1
}
pkg_postinst() {
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
DISABLE_AUTOFORMATTING=true
readme.gentoo_print_elog
if use pin-upstream-blobs && firmware_abi_change; then
ewarn "This version of qemu pins new versions of firmware blobs:"
ewarn " $(best_version sys-firmware/edk2-ovmf)"
ewarn " $(best_version sys-firmware/ipxe)"
ewarn " $(best_version sys-firmware/seabios)"
ewarn " $(best_version sys-firmware/sgabios)"
ewarn "This might break resume of hibernated guests (started with a different"
ewarn "firmware version) and live migration to/from qemu versions with different"
ewarn "firmware. Please (cold) restart all running guests. For functional"
ewarn "guest migration ensure that all"
ewarn "hosts run at least"
ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/edk2-ovmf)"
if has_version 'sys-firmware/edk2-ovmf[binary]'; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version 'sys-firmware/seabios[binary]'; then
@ -747,5 +804,5 @@ pkg_info() {
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/vgabios)"
echo " $(best_version sys-firmware/sgabios)"
}

1
sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest vendored
View File

@ -1 +0,0 @@
DIST gentoolkit-0.3.2.tar.gz 3198294 SHA256 f3bb38d663c1b153447556b5265df5a11b6ed78411e761335b692111c823d9dd SHA512 e174ac7f12d45703515876ea558a661e1d0c5d4cc71d2d64ee793786e2a2d3d2b309500b6e1891774e3415de74922efc77553c0103d695f5dda91def9a6ac637 WHIRLPOOL 67192702f72f437cc31aeeef8bf005c83a4a9322e9fa0de3c1e0d229bfb95d7363f14a8902da5ffbf49dee45cd587286899ea1ead017cd7d18d0f852cc7fd9fb

25
sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch vendored
View File

@ -1,25 +0,0 @@
From e07c6f2ea4963e6f9cdf6ee5eceaaf6f30319eda Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Tue, 17 Jan 2017 13:20:43 -0800
Subject: [PATCH] gentoolkit/glsa: Fix AttributeError from int coercion
---
pym/gentoolkit/glsa/__init__.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pym/gentoolkit/glsa/__init__.py b/pym/gentoolkit/glsa/__init__.py
index ba1eed7..0ed539e 100644
--- a/pym/gentoolkit/glsa/__init__.py
+++ b/pym/gentoolkit/glsa/__init__.py
@@ -567,6 +567,8 @@ class Glsa:
(self.revised, count) = self.revised.split(":")
else:
count = 1
+ else:
+ count = count.value
self.revised = format_date(self.revised)
--
2.7.4

30
sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch vendored
View File

@ -1,30 +0,0 @@
From bc92540f8ce498e8305103619c7085b670ba19b1 Mon Sep 17 00:00:00 2001
From: Paul Varner <fuzzyray@gentoo.org>
Date: Mon, 25 Jul 2016 13:01:06 -0500
Subject: Add missing import of io.open when using python2.7
This fixes the traceback when running equery changes with Python 2.7
X-Gentoo-bug: 589686
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=589686
---
pym/gentoolkit/helpers.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pym/gentoolkit/helpers.py b/pym/gentoolkit/helpers.py
index 0d985b6..8d25393 100644
--- a/pym/gentoolkit/helpers.py
+++ b/pym/gentoolkit/helpers.py
@@ -26,6 +26,9 @@ __docformat__ = 'epytext'
# =======
import os
+import sys
+if sys.hexversion < 0x3000000:
+ from io import open
import re
from functools import partial
from itertools import chain
--
cgit v0.12

76
sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild vendored
View File

@ -1,76 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="6"
PYTHON_COMPAT=(python{2_7,3_4,3_5} pypy)
PYTHON_REQ_USE="xml(+),threads(+)"
inherit distutils-r1
DESCRIPTION="Collection of administration scripts for Gentoo"
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Portage-Tools"
SRC_URI="http://dev.gentoo.org/~dolsen/releases/gentoolkit/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
IUSE=""
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
DEPEND="sys-apps/portage[${PYTHON_USEDEP}]"
RDEPEND="${DEPEND}
!<=app-portage/gentoolkit-dev-0.2.7
sys-apps/gawk
sys-apps/gentoo-functions"
PATCHES=(
"${FILESDIR}"/${PV}-helpers.py-589686.patch
"${FILESDIR}"/${PV}-fix-int-coercion.patch
)
python_prepare_all() {
python_setup
echo VERSION="${PVR}" "${PYTHON}" setup.py set_version
VERSION="${PVR}" "${PYTHON}" setup.py set_version
distutils-r1_python_prepare_all
}
python_install_all() {
distutils-r1_python_install_all
# remove on Gentoo Prefix platforms where it's broken anyway
if use prefix; then
elog "The revdep-rebuild command is removed, the preserve-libs"
elog "feature of portage will handle issues."
rm "${ED}"/usr/bin/revdep-rebuild*
rm "${ED}"/usr/share/man/man1/revdep-rebuild.1
rm -rf "${ED}"/etc/revdep-rebuild
rm -rf "${ED}"/var
fi
}
pkg_postinst() {
# Create cache directory for revdep-rebuild
mkdir -p -m 0755 "${EROOT%/}"/var/cache
mkdir -p -m 0700 "${EROOT%/}"/var/cache/revdep-rebuild
# Only show the elog information on a new install
if [[ ! ${REPLACING_VERSIONS} ]]; then
elog
elog "For further information on gentoolkit, please read the gentoolkit"
elog "guide: https://wiki.gentoo.org/wiki/Gentoolkit"
elog
elog "Another alternative to equery is app-portage/portage-utils"
elog
elog "Additional tools that may be of interest:"
elog
elog " app-admin/eclean-kernel"
elog " app-portage/diffmask"
elog " app-portage/flaggie"
elog " app-portage/install-mask"
elog " app-portage/portpeek"
elog " app-portage/smart-live-rebuild"
fi
}

14
sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml vendored
View File

@ -1,14 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>tools-portage@gentoo.org</email>
<name>Gentoo Portage tools team</name>
</maintainer>
<longdescription>
Gentoolkit is a collection of useful adminstration scripts particular to
the Gentoo Linux distribution. It contains rough drafts and
implementations of features that may in time make it into Portage, or
into full-fledged tools in their own right.
</longdescription>
</pkgmetadata>

14
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 vendored
View File

@ -1,14 +0,0 @@
DEFINED_PHASES=compile configure install postinst prepare test
DEPEND=sys-apps/portage[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] python_targets_pypy? ( >=virtual/pypy-5:0=[xml(+),threads(+)] ) python_targets_python2_7? ( >=dev-lang/python-2.7.5-r2:2.7[xml(+),threads(+)] ) python_targets_python3_4? ( dev-lang/python:3.4[xml(+),threads(+)] ) python_targets_python3_5? ( dev-lang/python:3.5[xml(+),threads(+)] ) >=dev-lang/python-exec-2:=[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]
DESCRIPTION=Collection of administration scripts for Gentoo
EAPI=6
HOMEPAGE=https://wiki.gentoo.org/wiki/Project:Portage-Tools
IUSE=python_targets_pypy python_targets_python2_7 python_targets_python3_4 python_targets_python3_5
KEYWORDS=alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
LICENSE=GPL-2
RDEPEND=sys-apps/portage[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] !<=app-portage/gentoolkit-dev-0.2.7 sys-apps/gawk sys-apps/gentoo-functions python_targets_pypy? ( >=virtual/pypy-5:0=[xml(+),threads(+)] ) python_targets_python2_7? ( >=dev-lang/python-2.7.5-r2:2.7[xml(+),threads(+)] ) python_targets_python3_4? ( dev-lang/python:3.4[xml(+),threads(+)] ) python_targets_python3_5? ( dev-lang/python:3.5[xml(+),threads(+)] ) >=dev-lang/python-exec-2:=[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]
REQUIRED_USE=|| ( python_targets_pypy python_targets_python2_7 python_targets_python3_4 python_targets_python3_5 )
SLOT=0
SRC_URI=http://dev.gentoo.org/~dolsen/releases/gentoolkit/gentoolkit-0.3.2.tar.gz
_eclasses_=distutils-r1 372bbe39047c0a2550319a3a82f3e063 multibuild 72647e255187a1fadc81097b3657e5c3 multilib 97f470f374f2e94ccab04a2fb21d811e multiprocessing 6f5991c7101863d0b29df63990ad852e python-r1 e9350ec46bb5c9f3504b4fbe8b8d8987 python-utils-r1 c9de01becf9df3f8c10aeec3dc693f5d toolchain-funcs 185a06792159ca143528e7010368e8af xdg-utils f2c8335407f0b935b0a96d4adf23ef25
_md5_=14632264c91528bd0437c56ad47d3466

1
sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords vendored
View File

@ -35,7 +35,6 @@
=net-libs/libnftnl-1.0.6 **
=net-libs/serf-1.3.8-r1 ~arm64
=net-misc/bridge-utils-1.5 ~arm64
=net-misc/curl-7.57.0 ~arm64
=net-misc/iperf-3.1.3 **
=net-misc/socat-1.7.3.2 ~arm64
=net-misc/wget-1.19.1-r2 ~arm64

3
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords vendored
View File

@ -48,9 +48,6 @@ dev-util/checkbashisms
# All versions are ~amd64 and not enabled on arm64
=sys-apps/nvme-cli-1.1 **
# https://curl.haxx.se/docs/adv_20170419.html
=net-misc/curl-7.54.0 **
# CVE-2017-8779
=net-nds/rpcbind-0.2.4-r1

1
sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults vendored
View File

@ -13,6 +13,7 @@ FEATURES="nodoc noinfo noman"
# Remove bash-completion files as we don't install bash-completion.
# Remove locale LC_MESSAGES files.
INSTALL_MASK="${INSTALL_MASK}
/usr/sbin/locale-gen
/usr/share/bash-completion
/usr/share/gtk-doc
/usr/share/locale

0
sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r1.ebuild → sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r2.ebuild vendored
View File

4
sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild vendored
View File

@ -37,9 +37,7 @@ DEPEND="
RDEPEND="
!sys-firmware/edk2-armvirt
!sys-firmware/edk2-ovmf
amd64? (
qemu? ( app-emulation/qemu )
)"
"
src_unpack() {
[[ ${EGIT_REPO_URI} ]] && git-r3_src_unpack

4
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest vendored
View File

@ -1,3 +1,3 @@
DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f
DIST glibc-2.23-patches-8.tar.bz2 304199 SHA256 6110777176abfb8d287d82804d98e007c255db6040a1beca589a212772c90482 SHA512 470814bbbd9d4ee5fa2dd7570a2e14b0229723e373e801472856fd6c2f089499eddc300f69b49af8ba0edbdca583ee3ca521fdb5c642509717cafea0ad925fd2 WHIRLPOOL 1ef9a431d67d7669f34f7db21185d50ddd6dc82c549a9ff274f0b98454417f4098ee771bfe10073be12d3c153ee46ff36e40b46ecb31844ab09791ae29b49074
DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa9b078b6fad758e187ce13e9 SHA512 b82953388cd028e174cb08f082557bbce0dad8b67b17d31b29f90102fd52a51e03d591448ecb64882a1c1d5303afffc7f6ede85cee4c784a9284fbc9b4ad26cf WHIRLPOOL 7c7e3bf55a89a04bac917b9ca5a1cbb1613f22c427d2766f114b5a36f9635856005b823852ef5d3b73462b577fe4e5865e68e7b64633d48a95fa1e5eaa831a71
DIST glibc-2.25-patches-15.tar.bz2 78320 SHA256 63667d2c27d5aa540d5a9c4d8774b169933553a5cc57ff44d1c9ebbe099dc030 SHA512 7204218ea82b677e0f278c4752ddb90aa0c08ac2349d061de81ec91dac204b0f10fe223d7b1055b9e0c21dac97c835f913a90c0168a5000d3be00dd20027c185 WHIRLPOOL 21af5b2efb036d4f7290f75b23f6d2cb79f91178c3374a007fde888060c9c94306e4165cf07077cce9390c0d7b9980a2b5291a32f7b6b56895294df6975ba6d9
DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953

315
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c vendored
View File

@ -1,315 +0,0 @@
/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2008 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP and FORTIFY handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP and FORTIFY handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
* Magnus Granberg <zorry[@]ume.nu>
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <bp-checks.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by chk_fail
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": buffer overflow attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** buffer overflow detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __chk_fail(void)
{
__hardened_gentoo_chk_fail(NULL, 0);
}

30
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch vendored
View File

@ -1,30 +0,0 @@
Prevent default-fPIE from confusing configure into thinking
PIC code is default. This causes glibc to build both PIC and
non-PIC code as normal, which on the hardened compiler generates
PIC and PIE.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu>
--- configure.in
+++ configure.in
@@ -2145,7 +2145,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
--- configure
+++ configure
@@ -7698,7 +7698,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
libc_cv_pic_default=no
fi
rm -f conftest.*

274
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch vendored
View File

@ -1,274 +0,0 @@
When building glibc PIE (which is not something upstream support),
several modifications are necessary to the glibc build process.
First, any syscalls in PIEs must be of the PIC variant, otherwise
textrels ensue. Then, any syscalls made before the initialisation
of the TLS will fail on i386, as the sysenter variant on i386 uses
the TLS, giving rise to a chicken-and-egg situation. This patch
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
version is normally used, and uses the non-sysenter version for the brk
syscall that is performed by the TLS initialisation. Further, the TLS
initialisation is moved in this case prior to the initialisation of
dl_osversion, as that requires further syscalls.
csu/libc-start.c: Move initial TLS initialization to before the
initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
csu/libc-tls.c: Use the no-sysenter version of sbrk when
INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/brk.c: Define a no-sysenter version of brk if
INTERNAL_SYSCALL_NOSYSENTER is defined.
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
--- csu/libc-start.c
+++ csu/libc-start.c
@@ -28,6 +28,7 @@
extern int __libc_multiple_libcs;
#include <tls.h>
+#include <sysdep.h>
#ifndef SHARED
# include <dl-osinfo.h>
extern void __pthread_initialize_minimal (void);
@@ -129,6 +130,11 @@
# endif
_dl_aux_init (auxvec);
# endif
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ /* Do the initial TLS initialization before _dl_osversion,
+ since the latter uses the uname syscall. */
+ __pthread_initialize_minimal ();
+# endif
# ifdef DL_SYSDEP_OSCHECK
if (!__libc_multiple_libcs)
{
@@ -138,10 +144,12 @@
}
# endif
+# ifndef INTERNAL_SYSCALL_NOSYSENTER
/* Initialize the thread library at least a bit since the libgcc
functions are using thread functions if these are available and
we need to setup errno. */
__pthread_initialize_minimal ();
+# endif
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
--- csu/libc-tls.c
+++ csu/libc-tls.c
@@ -23,6 +23,7 @@
#include <unistd.h>
#include <stdio.h>
#include <sys/param.h>
+#include <sysdep.h>
#ifdef SHARED
@@ -29,6 +30,9 @@
#error makefile bug, this file is for static only
#endif
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+extern void *__sbrk_nosysenter (intptr_t __delta);
+#endif
extern ElfW(Phdr) *_dl_phdr;
extern size_t _dl_phnum;
@@ -141,14 +145,26 @@
The initialized value of _dl_tls_static_size is provided by dl-open.c
to request some surplus that permits dynamic loading of modules with
- IE-model TLS. */
+ IE-model TLS.
+
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
+ use the special non-sysenter version instead. */
#if TLS_TCB_AT_TP
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
+# else
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+# endif
#elif TLS_DTV_AT_TP
tcb_offset = roundup (tcbsize, align ?: 1);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+# else
tlsblock = __sbrk (tcb_offset + memsz + max_align
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+# endif
tlsblock += TLS_PRE_TCB_SIZE;
#else
/* In case a model with a different layout for the TCB and DTV
--- misc/sbrk.c
+++ misc/sbrk.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
+#include <sysdep.h>
/* Defined in brk.c. */
extern void *__curbrk;
@@ -29,6 +30,35 @@
/* Extend the process's data space by INCREMENT.
If INCREMENT is negative, shrink data space by - INCREMENT.
Return start of new space allocated, or -1 for errors. */
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+extern int __brk_nosysenter (void *addr);
+void *
+__sbrk_nosysenter (intptr_t increment)
+{
+ void *oldbrk;
+
+ /* If this is not part of the dynamic library or the library is used
+ via dynamic loading in a statically linked program update
+ __curbrk from the kernel's brk value. That way two separate
+ instances of __brk and __sbrk can share the heap, returning
+ interleaved pieces of it. */
+ if (__curbrk == NULL || __libc_multiple_libcs)
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
+ return (void *) -1;
+
+ if (increment == 0)
+ return __curbrk;
+
+ oldbrk = __curbrk;
+ if (__brk_nosysenter (oldbrk + increment) < 0)
+ return (void *) -1;
+
+ return oldbrk;
+}
+#endif
void *
__sbrk (intptr_t increment)
{
--- sysdeps/unix/sysv/linux/i386/brk.c
+++ sysdeps/unix/sysv/linux/i386/brk.c
@@ -31,6 +31,30 @@
linker. */
weak_alias (__curbrk, ___brk_addr)
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ * if the SYSENTER version requires the TLS (which it does on i386).
+ * Obviously using the TLS before it is initialised is broken. */
+int
+__brk_nosysenter (void *addr)
+{
+ void *__unbounded newbrk;
+
+ INTERNAL_SYSCALL_DECL (err);
+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
+ __ptrvalue (addr));
+
+ __curbrk = newbrk;
+
+ if (newbrk < addr)
+ {
+ __set_errno (ENOMEM);
+ return -1;
+ }
+
+ return 0;
+}
+#endif
int
__brk (void *addr)
{
--- sysdeps/unix/sysv/linux/i386/sysdep.h
+++ sysdeps/unix/sysv/linux/i386/sysdep.h
@@ -187,7 +187,7 @@
/* The original calling convention for system calls on Linux/i386 is
to use int $0x80. */
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
# else
# define ENTER_KERNEL call *_dl_sysinfo
@@ -358,7 +358,7 @@
possible to use more than four parameters. */
#undef INTERNAL_SYSCALL
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
register unsigned int resultvar; \
@@ -384,6 +384,18 @@
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
ASMFMT_##nr(args) : "memory", "cc"); \
(int) resultvar; })
+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+ EXTRAVAR_##nr \
+ asm volatile ( \
+ LOADARGS_NOSYSENTER_##nr \
+ "movl %1, %%eax\n\t" \
+ "int $0x80\n\t" \
+ RESTOREARGS_NOSYSENTER_##nr \
+ : "=a" (resultvar) \
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
# else
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
@@ -447,12 +459,20 @@
#define LOADARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define LOADARGS_1 \
"bpushl .L__X'%k3, %k3\n\t"
# define LOADARGS_5 \
"movl %%ebx, %4\n\t" \
"movl %3, %%ebx\n\t"
+# define LOADARGS_NOSYSENTER_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
+# define LOADARGS_NOSYSENTER_5 \
+ "movl %%ebx, %3\n\t" \
+ "movl %2, %%ebx\n\t"
# else
# define LOADARGS_1 \
"bpushl .L__X'%k2, %k2\n\t"
@@ -474,11 +495,18 @@
#define RESTOREARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define RESTOREARGS_1 \
"bpopl .L__X'%k3, %k3\n\t"
# define RESTOREARGS_5 \
"movl %4, %%ebx"
+# define RESTOREARGS_NOSYSENTER_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_5 \
+ "movl %3, %%ebx"
# else
# define RESTOREARGS_1 \
"bpopl .L__X'%k2, %k2\n\t"

42
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch vendored
View File

@ -1,42 +0,0 @@
2012-11-11 Magnus Granberg <zorry@gentoo.org>
#442712
* Makeconfig (+link): Set to +link-pie.
(+link-static-before-libc): Change $(static-start-installed-name) to
S$(static-start-installed-name).
(+prector): Set to +prectorS.
(+postctor): Set to +postctorS.
--- libc/Makeconfig
+++ libc/Makeconfig
@@ -447,11 +447,12 @@
$(common-objpfx)libc% $(+postinit),$^) \
$(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
endif
++link = $(+link-pie)
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
$(+preinit) $(+prectorT) \
$(filter-out $(addprefix $(csu-objpfx),start.o \
$(start-installed-name))\
@@ -549,11 +550,10 @@
ifeq ($(elf),yes)
+preinit = $(addprefix $(csu-objpfx),crti.o)
+postinit = $(addprefix $(csu-objpfx),crtn.o)
-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
-# Variants of the two previous definitions for linking PIE programs.
+prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
+postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
++prector = $(+prectorS)
++postctor = $(+postctorS)
# Variants of the two previous definitions for statically linking programs.
+prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
+postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+interp = $(addprefix $(elf-objpfx),interp.os)
endif
csu-objpfx = $(common-objpfx)csu/

314
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c vendored
View File

@ -1,314 +0,0 @@
/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP and FORTIFY handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP and FORTIFY handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
* Magnus Granberg <zorry[@]ume.nu>
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by chk_fail
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": buffer overflow attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** buffer overflow detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __chk_fail(void)
{
__hardened_gentoo_chk_fail(NULL, 0);
}

322
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c vendored
View File

@ -1,322 +0,0 @@
/* Copyright (C) 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* Fixed to support glibc-2.18 by Magnus Granberg - <zorry[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
*/
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by stack_chk_fail and __stack_smash_handler
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_stack_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": stack smashing attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** stack smashing detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __stack_chk_fail(void)
{
__hardened_gentoo_stack_chk_fail(NULL, 0);
}
#ifdef ENABLE_OLD_SSP_COMPAT
__attribute__ ((__noreturn__))
void __stack_smash_handler(char func[], int damaged)
{
__hardened_gentoo_stack_chk_fail(func, damaged);
}
#endif

277
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch vendored
View File

@ -1,277 +0,0 @@
When building glibc PIE (which is not something upstream support),
several modifications are necessary to the glibc build process.
First, any syscalls in PIEs must be of the PIC variant, otherwise
textrels ensue. Then, any syscalls made before the initialisation
of the TLS will fail on i386, as the sysenter variant on i386 uses
the TLS, giving rise to a chicken-and-egg situation. This patch
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
version is normally used, and uses the non-sysenter version for the brk
syscall that is performed by the TLS initialisation. Further, the TLS
initialisation is moved in this case prior to the initialisation of
dl_osversion, as that requires further syscalls.
csu/libc-start.c: Move initial TLS initialization to before the
initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
csu/libc-tls.c: Use the no-sysenter version of sbrk when
INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/brk.c: Define a no-sysenter version of brk if
INTERNAL_SYSCALL_NOSYSENTER is defined.
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
--- csu/libc-start.c
+++ csu/libc-start.c
@@ -28,6 +28,7 @@
extern int __libc_multiple_libcs;
#include <tls.h>
+#include <sysdep.h>
#ifndef SHARED
# include <dl-osinfo.h>
extern void __pthread_initialize_minimal (void);
@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char
GL(dl_phnum) = __ehdr_start.e_phnum;
}
}
-
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ /* Do the initial TLS initialization before _dl_osversion,
+ since the latter uses the uname syscall. */
+ __pthread_initialize_minimal ();
+# endif
# ifdef DL_SYSDEP_OSCHECK
if (!__libc_multiple_libcs)
{
@@ -138,10 +144,12 @@
}
# endif
+# ifndef INTERNAL_SYSCALL_NOSYSENTER
/* Initialize the thread library at least a bit since the libgcc
functions are using thread functions if these are available and
we need to setup errno. */
__pthread_initialize_minimal ();
+# endif
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
--- csu/libc-tls.c
+++ csu/libc-tls.c
@@ -22,14 +22,17 @@
#include <unistd.h>
#include <stdio.h>
#include <sys/param.h>
-
+#include <sysdep.h>
#ifdef SHARED
#error makefile bug, this file is for static only
#endif
-dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+extern void *__sbrk_nosysenter (intptr_t __delta);
+#endif
+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
static struct
{
@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t
The initialized value of _dl_tls_static_size is provided by dl-open.c
to request some surplus that permits dynamic loading of modules with
- IE-model TLS. */
+ IE-model TLS.
+
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
+ use the special non-sysenter version instead. */
#if TLS_TCB_AT_TP
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
+# else
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+#endif
#elif TLS_DTV_AT_TP
tcb_offset = roundup (tcbsize, align ?: 1);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+# else
tlsblock = __sbrk (tcb_offset + memsz + max_align
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+#endif
tlsblock += TLS_PRE_TCB_SIZE;
#else
/* In case a model with a different layout for the TCB and DTV
--- misc/sbrk.c
+++ misc/sbrk.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
+#include <sysdep.h>
/* Defined in brk.c. */
extern void *__curbrk;
@@ -29,6 +30,35 @@
/* Extend the process's data space by INCREMENT.
If INCREMENT is negative, shrink data space by - INCREMENT.
Return start of new space allocated, or -1 for errors. */
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+extern int __brk_nosysenter (void *addr);
+void *
+__sbrk_nosysenter (intptr_t increment)
+{
+ void *oldbrk;
+
+ /* If this is not part of the dynamic library or the library is used
+ via dynamic loading in a statically linked program update
+ __curbrk from the kernel's brk value. That way two separate
+ instances of __brk and __sbrk can share the heap, returning
+ interleaved pieces of it. */
+ if (__curbrk == NULL || __libc_multiple_libcs)
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
+ return (void *) -1;
+
+ if (increment == 0)
+ return __curbrk;
+
+ oldbrk = __curbrk;
+ if (__brk_nosysenter (oldbrk + increment) < 0)
+ return (void *) -1;
+
+ return oldbrk;
+}
+#endif
void *
__sbrk (intptr_t increment)
{
--- sysdeps/unix/sysv/linux/i386/brk.c
+++ sysdeps/unix/sysv/linux/i386/brk.c
@@ -31,6 +31,29 @@
linker. */
weak_alias (__curbrk, ___brk_addr)
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ * if the SYSENTER version requires the TLS (which it does on i386).
+ * Obviously using the TLS before it is initialised is broken. */
+int
+__brk_nosysenter (void *addr)
+{
+ void * newbrk;
+
+ INTERNAL_SYSCALL_DECL (err);
+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr);
+
+ __curbrk = newbrk;
+
+ if (newbrk < addr)
+ {
+ __set_errno (ENOMEM);
+ return -1;
+ }
+
+ return 0;
+}
+#endif
int
__brk (void *addr)
{
--- sysdeps/unix/sysv/linux/i386/sysdep.h
+++ sysdeps/unix/sysv/linux/i386/sysdep.h
@@ -187,7 +187,7 @@
/* The original calling convention for system calls on Linux/i386 is
to use int $0x80. */
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
# else
# define ENTER_KERNEL call *_dl_sysinfo
@@ -358,7 +358,7 @@
possible to use more than four parameters. */
#undef INTERNAL_SYSCALL
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
register unsigned int resultvar; \
@@ -384,6 +384,18 @@
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
ASMFMT_##nr(args) : "memory", "cc"); \
(int) resultvar; })
+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+ EXTRAVAR_##nr \
+ asm volatile ( \
+ LOADARGS_NOSYSENTER_##nr \
+ "movl %1, %%eax\n\t" \
+ "int $0x80\n\t" \
+ RESTOREARGS_NOSYSENTER_##nr \
+ : "=a" (resultvar) \
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
# else
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
@@ -447,12 +459,20 @@
#define LOADARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define LOADARGS_1 \
"bpushl .L__X'%k3, %k3\n\t"
# define LOADARGS_5 \
"movl %%ebx, %4\n\t" \
"movl %3, %%ebx\n\t"
+# define LOADARGS_NOSYSENTER_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
+# define LOADARGS_NOSYSENTER_5 \
+ "movl %%ebx, %3\n\t" \
+ "movl %2, %%ebx\n\t"
# else
# define LOADARGS_1 \
"bpushl .L__X'%k2, %k2\n\t"
@@ -474,11 +495,18 @@
#define RESTOREARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define RESTOREARGS_1 \
"bpopl .L__X'%k3, %k3\n\t"
# define RESTOREARGS_5 \
"movl %4, %%ebx"
+# define RESTOREARGS_NOSYSENTER_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_5 \
+ "movl %3, %%ebx"
# else
# define RESTOREARGS_1 \
"bpopl .L__X'%k2, %k2\n\t"

30
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch vendored
View File

@ -1,30 +0,0 @@
Prevent default-fPIE from confusing configure into thinking
PIC code is default. This causes glibc to build both PIC and
non-PIC code as normal, which on the hardened compiler generates
PIC and PIE.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu>
--- configure.ac
+++ configure.ac
@@ -2145,7 +2145,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
--- configure
+++ configure
@@ -7698,7 +7698,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
libc_cv_pic_default=no
fi
rm -f conftest.*

306
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch vendored
View File

@ -1,306 +0,0 @@
When building glibc PIE (which is not something upstream support),
several modifications are necessary to the glibc build process.
First, any syscalls in PIEs must be of the PIC variant, otherwise
textrels ensue. Then, any syscalls made before the initialisation
of the TLS will fail on i386, as the sysenter variant on i386 uses
the TLS, giving rise to a chicken-and-egg situation. This patch
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
version is normally used, and uses the non-sysenter version for the brk
syscall that is performed by the TLS initialisation. Further, the TLS
initialisation is moved in this case prior to the initialisation of
dl_osversion, as that requires further syscalls.
csu/libc-start.c: Move initial TLS initialization to before the
initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
csu/libc-tls.c: Use the no-sysenter version of sbrk when
INTERNAL_SYSCALL_PRE_TLS is defined.
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
misc/brk.c: Define a no-sysenter version of brk if
INTERNAL_SYSCALL_PRE_TLS is defined.
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org>
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -28,6 +28,7 @@
extern int __libc_multiple_libcs;
#include <tls.h>
+#include <sysdep.h>
#ifndef SHARED
# include <dl-osinfo.h>
extern void __pthread_initialize_minimal (void);
@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
}
}
+# ifdef INTERNAL_SYSCALL_PRE_TLS
+ /* Do the initial TLS initialization before _dl_osversion,
+ since the latter uses the uname syscall. */
+ __pthread_initialize_minimal ();
+# endif
# ifdef DL_SYSDEP_OSCHECK
if (!__libc_multiple_libcs)
{
@@ -138,10 +144,12 @@
}
# endif
+# ifndef INTERNAL_SYSCALL_PRE_TLS
/* Initialize the thread library at least a bit since the libgcc
functions are using thread functions if these are available and
we need to setup errno. */
__pthread_initialize_minimal ();
+# endif
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
--- a/csu/libc-tls.c
+++ b/csu/libc-tls.c
@@ -22,12 +22,17 @@
#include <unistd.h>
#include <stdio.h>
#include <sys/param.h>
+#include <sysdep.h>
#ifdef SHARED
#error makefile bug, this file is for static only
#endif
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+extern void *__sbrk_nosysenter (intptr_t __delta);
+#endif
+
dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
The initialized value of _dl_tls_static_size is provided by dl-open.c
to request some surplus that permits dynamic loading of modules with
- IE-model TLS. */
+ IE-model TLS.
+
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
+ use the special non-sysenter version instead. */
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+# define __sbrk __sbrk_nosysenter
+#endif
#if TLS_TCB_AT_TP
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
#elif TLS_DTV_AT_TP
tcb_offset = roundup (tcbsize, align ?: 1);
tlsblock = __sbrk (tcb_offset + memsz + max_align
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
tlsblock += TLS_PRE_TCB_SIZE;
#else
/* In case a model with a different layout for the TCB and DTV
is defined add another #elif here and in the following #ifs. */
# error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
#endif
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+# undef __sbrk
+#endif
/* Align the TLS block. */
tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
--- a/misc/sbrk.c
+++ b/misc/sbrk.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
+#include <sysdep.h>
/* Defined in brk.c. */
extern void *__curbrk;
@@ -29,6 +30,35 @@
/* Extend the process's data space by INCREMENT.
If INCREMENT is negative, shrink data space by - INCREMENT.
Return start of new space allocated, or -1 for errors. */
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+extern int __brk_nosysenter (void *addr);
+void *
+__sbrk_nosysenter (intptr_t increment)
+{
+ void *oldbrk;
+
+ /* If this is not part of the dynamic library or the library is used via
+ dynamic loading in a statically linked program update __curbrk from the
+ kernel's brk value. That way two separate instances of __brk and __sbrk
+ can share the heap, returning interleaved pieces of it. */
+ if (__curbrk == NULL || __libc_multiple_libcs)
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
+ return (void *) -1;
+
+ if (increment == 0)
+ return __curbrk;
+
+ oldbrk = __curbrk;
+ if (__brk_nosysenter (oldbrk + increment) < 0)
+ return (void *) -1;
+
+ return oldbrk;
+}
+#endif
+
void *
__sbrk (intptr_t increment)
{
--- a/sysdeps/unix/sysv/linux/i386/brk.c
+++ b/sysdeps/unix/sysv/linux/i386/brk.c
@@ -31,6 +31,30 @@
linker. */
weak_alias (__curbrk, ___brk_addr)
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+int
+__brk_nosysenter (void *addr)
+{
+ void *newbrk;
+
+ INTERNAL_SYSCALL_DECL (err);
+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
+
+ __curbrk = newbrk;
+
+ if (newbrk < addr)
+ {
+ __set_errno (ENOMEM);
+ return -1;
+ }
+
+ return 0;
+}
+#endif
+
int
__brk (void *addr)
{
--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
@@ -187,7 +187,7 @@
/* The original calling convention for system calls on Linux/i386 is
to use int $0x80. */
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# ifdef __PIC__
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
# else
# define ENTER_KERNEL call *_dl_sysinfo
@@ -358,7 +358,7 @@
possible to use more than four parameters. */
#undef INTERNAL_SYSCALL
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# ifdef __PIC__
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
register unsigned int resultvar; \
@@ -384,6 +384,18 @@
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
ASMFMT_##nr(args) : "memory", "cc"); \
(int) resultvar; })
+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+ EXTRAVAR_##nr \
+ asm volatile ( \
+ LOADARGS_NOSYSENTER_##nr \
+ "movl %1, %%eax\n\t" \
+ "int $0x80\n\t" \
+ RESTOREARGS_NOSYSENTER_##nr \
+ : "=a" (resultvar) \
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
# else
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
@@ -447,12 +459,20 @@
#define LOADARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && defined __PIC__
# define LOADARGS_1 \
"bpushl .L__X'%k3, %k3\n\t"
# define LOADARGS_5 \
"movl %%ebx, %4\n\t" \
"movl %3, %%ebx\n\t"
+# define LOADARGS_NOSYSENTER_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
+# define LOADARGS_NOSYSENTER_5 \
+ "movl %%ebx, %3\n\t" \
+ "movl %2, %%ebx\n\t"
# else
# define LOADARGS_1 \
"bpushl .L__X'%k2, %k2\n\t"
@@ -474,11 +494,18 @@
#define RESTOREARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && defined __PIC__
# define RESTOREARGS_1 \
"bpopl .L__X'%k3, %k3\n\t"
# define RESTOREARGS_5 \
"movl %4, %%ebx"
+# define RESTOREARGS_NOSYSENTER_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_5 \
+ "movl %3, %%ebx"
# else
# define RESTOREARGS_1 \
"bpopl .L__X'%k2, %k2\n\t"
--- a/sysdeps/i386/nptl/tls.h
+++ b/sysdeps/i386/nptl/tls.h
@@ -189,6 +189,15 @@
desc->vals[3] = 0x51;
}
+/* We have no sysenter until the tls is initialized which is a
+ problem for PIC. Thus we need to do the right call depending
+ on the situation. */
+#ifndef INTERNAL_SYSCALL_PRE_TLS
+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
+#else
+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
+#endif
+
/* Code to initially initialize the thread pointer. This might need
special attention since 'errno' is not yet available and if the
operation can cause a failure 'errno' must not be touched. */
@@ -209,7 +218,7 @@
\
/* Install the TLS. */ \
INTERNAL_SYSCALL_DECL (err); \
- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
\
if (_result == 0) \
/* We know the index in the GDT, now load the segment register. \

57
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch vendored
View File

@ -1,57 +0,0 @@
From 388b4f1a02f3a801965028bbfcd48d905638b797 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 23 Jun 2017 14:38:46 -0700
Subject: [PATCH] Avoid .symver on common symbols [BZ #21666]
The .symver directive on common symbol just creates a new common symbol,
not an alias and the newer assembler with the bug fix for
https://sourceware.org/bugzilla/show_bug.cgi?id=21661
will issue an error. Before the fix, we got
$ readelf -sW libc.so | grep "loc[12s]"
5109: 00000000003a0608 8 OBJECT LOCAL DEFAULT 36 loc1
5188: 00000000003a0610 8 OBJECT LOCAL DEFAULT 36 loc2
5455: 00000000003a0618 8 OBJECT LOCAL DEFAULT 36 locs
6575: 00000000003a05f0 8 OBJECT GLOBAL DEFAULT 36 locs@GLIBC_2.2.5
7156: 00000000003a05f8 8 OBJECT GLOBAL DEFAULT 36 loc1@GLIBC_2.2.5
7312: 00000000003a0600 8 OBJECT GLOBAL DEFAULT 36 loc2@GLIBC_2.2.5
in libc.so. The versioned loc1, loc2 and locs have the wrong addresses.
After the fix, we got
$ readelf -sW libc.so | grep "loc[12s]"
6570: 000000000039e3b8 8 OBJECT GLOBAL DEFAULT 34 locs@GLIBC_2.2.5
7151: 000000000039e3c8 8 OBJECT GLOBAL DEFAULT 34 loc1@GLIBC_2.2.5
7307: 000000000039e3c0 8 OBJECT GLOBAL DEFAULT 34 loc2@GLIBC_2.2.5
[BZ #21666]
* misc/regexp.c (loc1): Add __attribute__ ((nocommon));
(loc2): Likewise.
(locs): Likewise.
---
diff --git a/misc/regexp.c b/misc/regexp.c
index 19d76c0..eaea7c3 100644
--- a/misc/regexp.c
+++ b/misc/regexp.c
@@ -29,14 +29,15 @@
#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_23)
-/* Define the variables used for the interface. */
-char *loc1;
-char *loc2;
+/* Define the variables used for the interface. Avoid .symver on common
+ symbol, which just creates a new common symbol, not an alias. */
+char *loc1 __attribute__ ((nocommon));
+char *loc2 __attribute__ ((nocommon));
compat_symbol (libc, loc1, loc1, GLIBC_2_0);
compat_symbol (libc, loc2, loc2, GLIBC_2_0);
/* Although we do not support the use we define this variable as well. */
-char *locs;
+char *locs __attribute__ ((nocommon));
compat_symbol (libc, locs, locs, GLIBC_2_0);

270
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch vendored
View File

@ -1,270 +0,0 @@
From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001
From: Mike FABIAN <mfabian@redhat.com>
Date: Mon, 10 Aug 2015 15:58:12 +0200
Subject: [PATCH] Add a C.UTF-8 locale
---
localedata/SUPPORTED | 1 +
localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 239 insertions(+)
create mode 100644 localedata/locales/C
diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED
index 8ca023e..2a78391 100644
--- a/localedata/SUPPORTED
+++ b/localedata/SUPPORTED
@@ -1,6 +1,7 @@
# This file names the currently supported and somewhat tested locales.
# If you have any additions please file a glibc bug report.
SUPPORTED-LOCALES=\
+C.UTF-8/UTF-8 \
aa_DJ.UTF-8/UTF-8 \
aa_DJ/ISO-8859-1 \
aa_ER/UTF-8 \
diff --git a/localedata/locales/C b/localedata/locales/C
new file mode 100644
index 0000000..fdf460e
--- /dev/null
+++ b/localedata/locales/C
@@ -0,0 +1,238 @@
+escape_char /
+comment_char %
+% Locale for C locale in UTF-8
+
+LC_IDENTIFICATION
+title "C locale"
+source ""
+address ""
+contact ""
+email "mfabian@redhat.com"
+tel ""
+fax ""
+language "C"
+territory ""
+revision "1.0"
+date "2015-08-10"
+%
+category "C:2015";LC_IDENTIFICATION
+category "C:2015";LC_CTYPE
+category "C:2015";LC_COLLATE
+category "C:2015";LC_TIME
+category "C:2015";LC_NUMERIC
+category "C:2015";LC_MONETARY
+category "C:2015";LC_MESSAGES
+category "C:2015";LC_PAPER
+category "C:2015";LC_NAME
+category "C:2015";LC_ADDRESS
+category "C:2015";LC_TELEPHONE
+category "C:2015";LC_MEASUREMENT
+END LC_IDENTIFICATION
+
+LC_CTYPE
+copy "i18n"
+
+translit_start
+include "translit_combining";""
+translit_end
+
+END LC_CTYPE
+
+LC_COLLATE
+order_start forward
+<U0000>
+..
+<UFFFF>
+<U10000>
+..
+<U1FFFF>
+<U20000>
+..
+<U2FFFF>
+<UE0000>
+..
+<UEFFFF>
+<UF0000>
+..
+<UFFFFF>
+<U100000>
+..
+<U10FFFF>
+UNDEFINED
+order_end
+END LC_COLLATE
+
+LC_MONETARY
+% This is the 14652 i18n fdcc-set definition for
+% the LC_MONETARY category
+% (except for the int_curr_symbol and currency_symbol, they are empty in
+% the 14652 i18n fdcc-set definition and also empty in
+% glibc/locale/C-monetary.c. But localedef complains in that case).
+%
+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better?
+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217)
+int_curr_symbol "<U0055><U0053><U0044><U0020>"
+% Using "$" for currency_symbol. But maybe <U00A4> would be better?
+% U+00A4 is the "generic currency symbol"
+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29)
+currency_symbol "<U0024>"
+mon_decimal_point "<U002E>"
+mon_thousands_sep ""
+mon_grouping -1
+positive_sign ""
+negative_sign "<U002D>"
+int_frac_digits -1
+frac_digits -1
+p_cs_precedes -1
+int_p_sep_by_space -1
+p_sep_by_space -1
+n_cs_precedes -1
+int_n_sep_by_space -1
+n_sep_by_space -1
+p_sign_posn -1
+n_sign_posn -1
+%
+END LC_MONETARY
+
+LC_NUMERIC
+% This is the POSIX Locale definition for
+% the LC_NUMERIC category.
+%
+decimal_point "<U002E>"
+thousands_sep ""
+grouping -1
+END LC_NUMERIC
+
+LC_TIME
+% This is the POSIX Locale definition for
+% the LC_TIME category.
+%
+% Abbreviated weekday names (%a)
+abday "<U0053><U0075><U006E>";"<U004D><U006F><U006E>";/
+ "<U0054><U0075><U0065>";"<U0057><U0065><U0064>";/
+ "<U0054><U0068><U0075>";"<U0046><U0072><U0069>";/
+ "<U0053><U0061><U0074>"
+
+% Full weekday names (%A)
+day "<U0053><U0075><U006E><U0064><U0061><U0079>";/
+ "<U004D><U006F><U006E><U0064><U0061><U0079>";/
+ "<U0054><U0075><U0065><U0073><U0064><U0061><U0079>";/
+ "<U0057><U0065><U0064><U006E><U0065><U0073><U0064><U0061><U0079>";/
+ "<U0054><U0068><U0075><U0072><U0073><U0064><U0061><U0079>";/
+ "<U0046><U0072><U0069><U0064><U0061><U0079>";/
+ "<U0053><U0061><U0074><U0075><U0072><U0064><U0061><U0079>"
+
+% Abbreviated month names (%b)
+abmon "<U004A><U0061><U006E>";"<U0046><U0065><U0062>";/
+ "<U004D><U0061><U0072>";"<U0041><U0070><U0072>";/
+ "<U004D><U0061><U0079>";"<U004A><U0075><U006E>";/
+ "<U004A><U0075><U006C>";"<U0041><U0075><U0067>";/
+ "<U0053><U0065><U0070>";"<U004F><U0063><U0074>";/
+ "<U004E><U006F><U0076>";"<U0044><U0065><U0063>"
+
+% Full month names (%B)
+mon "<U004A><U0061><U006E><U0075><U0061><U0072><U0079>";/
+ "<U0046><U0065><U0062><U0072><U0075><U0061><U0072><U0079>";/
+ "<U004D><U0061><U0072><U0063><U0068>";/
+ "<U0041><U0070><U0072><U0069><U006C>";/
+ "<U004D><U0061><U0079>";/
+ "<U004A><U0075><U006E><U0065>";/
+ "<U004A><U0075><U006C><U0079>";/
+ "<U0041><U0075><U0067><U0075><U0073><U0074>";/
+ "<U0053><U0065><U0070><U0074><U0065><U006D><U0062><U0065><U0072>";/
+ "<U004F><U0063><U0074><U006F><U0062><U0065><U0072>";/
+ "<U004E><U006F><U0076><U0065><U006D><U0062><U0065><U0072>";/
+ "<U0044><U0065><U0063><U0065><U006D><U0062><U0065><U0072>"
+
+% Week description, consists of three fields:
+% 1. Number of days in a week.
+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday).
+% 3. The weekday number to be contained in the first week of the year.
+%
+% ISO 8601 conforming applications should use the values 7, 19971201 (a
+% Monday), and 4 (Thursday), respectively.
+week 7;19971201;4
+first_weekday 1
+first_workday 1
+
+% Appropriate date and time representation (%c)
+% "%a %b %e %H:%M:%S %Y"
+d_t_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0059>"
+
+% Appropriate date representation (%x)
+% "%m/%d/%y"
+d_fmt "<U0025><U006D><U002F><U0025><U0064><U002F><U0025><U0079>"
+
+% Appropriate time representation (%X)
+% "%H:%M:%S"
+t_fmt "<U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053>"
+
+% Appropriate AM/PM time representation (%r)
+% "%I:%M:%S %p"
+t_fmt_ampm "<U0025><U0049><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0070>"
+
+% Equivalent of AM/PM (%p) "AM"/"PM"
+%
+am_pm "<U0041><U004D>";"<U0050><U004D>"
+
+% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y"
+date_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U005A><U0020><U0025><U0059>"
+END LC_TIME
+
+LC_MESSAGES
+% This is the POSIX Locale definition for
+% the LC_NUMERIC category.
+%
+yesexpr "<U005E><U005B><U0079><U0059><U005D>"
+noexpr "<U005E><U005B><U006E><U004E><U005D>"
+yesstr "<U0059><U0065><U0073>"
+nostr "<U004E><U006F>"
+END LC_MESSAGES
+
+LC_PAPER
+% This is the ISO/IEC 14652 "i18n" definition for
+% the LC_PAPER category.
+% (A4 paper, this is also used in the built in C/POSIX
+% locale in glibc/locale/C-paper.c)
+height 297
+width 210
+END LC_PAPER
+
+LC_NAME
+% This is the ISO/IEC 14652 "i18n" definition for
+% the LC_NAME category.
+% "%p%t%g%t%m%t%f"
+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c)
+name_fmt "<U0025><U0070><U0025><U0074><U0025><U0067><U0025><U0074>/
+<U0025><U006D><U0025><U0074><U0025><U0066>"
+END LC_NAME
+
+LC_ADDRESS
+% This is the ISO/IEC 14652 "i18n" definition for
+% the LC_ADDRESS category.
+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N"
+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c)
+postal_fmt "<U0025><U0061><U0025><U004E><U0025><U0066><U0025><U004E>/
+<U0025><U0064><U0025><U004E><U0025><U0062><U0025><U004E><U0025><U0073>/
+<U0020><U0025><U0068><U0020><U0025><U0065><U0020><U0025><U0072><U0025>/
+<U004E><U0025><U0043><U002D><U0025><U007A><U0020><U0025><U0054><U0025>/
+<U004E><U0025><U0063><U0025><U004E>"
+END LC_ADDRESS
+
+LC_TELEPHONE
+% This is the ISO/IEC 14652 "i18n" definition for
+% the LC_TELEPHONE category.
+% "+%c %a %l"
+tel_int_fmt "<U002B><U0025><U0063><U0020><U0025><U0061><U0020><U0025>/
+<U006C>"
+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c)
+END LC_TELEPHONE
+
+LC_MEASUREMENT
+% This is the ISO/IEC 14652 "i18n" definition for
+% the LC_MEASUREMENT category.
+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c)
+%metric
+measurement 1
+END LC_MEASUREMENT
+
--
2.4.3

132
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch vendored
View File

@ -1,132 +0,0 @@
diff -Naur glibc-2.22_orig/nptl/createthread.c glibc-2.22/nptl/createthread.c
--- glibc-2.22_orig/nptl/createthread.c 2015-08-04 23:42:21.000000000 -0700
+++ glibc-2.22/nptl/createthread.c 2016-09-28 11:27:50.831206703 -0700
@@ -25,13 +25,13 @@
static int
create_thread (struct pthread *pd, const struct pthread_attr *attr,
- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran)
+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran)
{
/* If the implementation needs to do some tweaks to the thread after
it has been created at the OS level, it can set STOPPED_START here. */
- pd->stopped_start = stopped_start;
- if (__glibc_unlikely (stopped_start))
+ pd->stopped_start = *stopped_start;
+ if (__glibc_unlikely (*stopped_start))
/* We make sure the thread does not run far by forcing it to get a
lock. We lock it here too so that the new thread cannot continue
until we tell it to. */
diff -Naur glibc-2.22_orig/nptl/pthread_create.c glibc-2.22/nptl/pthread_create.c
--- glibc-2.22_orig/nptl/pthread_create.c 2015-08-04 23:42:21.000000000 -0700
+++ glibc-2.22/nptl/pthread_create.c 2016-09-28 11:31:20.839209223 -0700
@@ -72,7 +72,7 @@
case it is responsible for doing its own cleanup. */
static int create_thread (struct pthread *pd, const struct pthread_attr *attr,
- bool stopped_start, STACK_VARIABLES_PARMS,
+ bool *stopped_start, STACK_VARIABLES_PARMS,
bool *thread_ran);
#include <createthread.c>
@@ -633,14 +633,16 @@
that cares whether the thread count is correct. */
atomic_increment (&__nptl_nthreads);
+ bool stopped_start = false;
bool thread_ran = false;
/* Start the thread. */
if (__glibc_unlikely (report_thread_creation (pd)))
{
+ stopped_start = true;
/* Create the thread. We always create the thread stopped
so that it does not get far before we tell the debugger. */
- retval = create_thread (pd, iattr, true, STACK_VARIABLES_ARGS,
+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS,
&thread_ran);
if (retval == 0)
{
@@ -667,7 +669,7 @@
}
}
else
- retval = create_thread (pd, iattr, false, STACK_VARIABLES_ARGS,
+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS,
&thread_ran);
if (__glibc_unlikely (retval != 0))
@@ -701,7 +703,8 @@
}
else
{
- if (pd->stopped_start)
+ /* do not use pd->stopped_start to avoid use after free */
+ if (stopped_start)
/* The thread blocked on this lock either because we're doing TD_CREATE
event reporting, or for some other reason that create_thread chose.
Now let it run free. */
diff -Naur glibc-2.22_orig/sysdeps/nacl/createthread.c glibc-2.22/sysdeps/nacl/createthread.c
--- glibc-2.22_orig/sysdeps/nacl/createthread.c 2015-08-04 23:42:21.000000000 -0700
+++ glibc-2.22/sysdeps/nacl/createthread.c 2016-09-28 11:27:34.983206513 -0700
@@ -32,12 +32,12 @@
static int
create_thread (struct pthread *pd, const struct pthread_attr *attr,
- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran)
+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran)
{
pd->tid = __nacl_get_tid (pd);
- pd->stopped_start = stopped_start;
- if (__glibc_unlikely (stopped_start))
+ pd->stopped_start = *stopped_start;
+ if (__glibc_unlikely (*stopped_start))
/* We make sure the thread does not run far by forcing it to get a
lock. We lock it here too so that the new thread cannot continue
until we tell it to. */
diff -Naur glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c glibc-2.22/sysdeps/unix/sysv/linux/createthread.c
--- glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c 2015-08-04 23:42:21.000000000 -0700
+++ glibc-2.22/sysdeps/unix/sysv/linux/createthread.c 2016-09-28 11:27:18.275206312 -0700
@@ -46,7 +46,7 @@
static int
create_thread (struct pthread *pd, const struct pthread_attr *attr,
- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran)
+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran)
{
/* Determine whether the newly created threads has to be started
stopped since we have to set the scheduling parameters or set the
@@ -54,10 +54,10 @@
if (attr != NULL
&& (__glibc_unlikely (attr->cpuset != NULL)
|| __glibc_unlikely ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0)))
- stopped_start = true;
+ *stopped_start = true;
- pd->stopped_start = stopped_start;
- if (__glibc_unlikely (stopped_start))
+ pd->stopped_start = *stopped_start;
+ if (__glibc_unlikely (*stopped_start))
/* We make sure the thread does not run far by forcing it to get a
lock. We lock it here too so that the new thread cannot continue
until we tell it to. */
@@ -117,7 +117,7 @@
/* Set the affinity mask if necessary. */
if (attr->cpuset != NULL)
{
- assert (stopped_start);
+ assert (*stopped_start);
res = INTERNAL_SYSCALL (sched_setaffinity, err, 3, pd->tid,
attr->cpusetsize, attr->cpuset);
@@ -140,7 +140,7 @@
/* Set the scheduling parameters. */
if ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0)
{
- assert (stopped_start);
+ assert (*stopped_start);
res = INTERNAL_SYSCALL (sched_setscheduler, err, 3, pd->tid,
pd->schedpolicy, &pd->schedparam);

0
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch → sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-c-utf8-locale.patch vendored
View File

4
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c → sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c vendored
View File

@ -297,3 +297,7 @@ void __chk_fail(void)
{
__hardened_gentoo_fail();
}
#ifdef GENTOO_SSP_HANDLER
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
#endif

0
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch → sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gshadow-handle-erange.patch vendored
View File

321
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c vendored
View File

@ -1,321 +0,0 @@
/* Copyright (C) 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2007 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
*/
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <bp-checks.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by stack_chk_fail and __stack_smash_handler
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_stack_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": stack smashing attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** stack smashing detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __stack_chk_fail(void)
{
__hardened_gentoo_stack_chk_fail(NULL, 0);
}
#ifdef ENABLE_OLD_SSP_COMPAT
__attribute__ ((__noreturn__))
void __stack_smash_handler(char func[], int damaged)
{
__hardened_gentoo_stack_chk_fail(func, damaged);
}
#endif

381
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit vendored
View File

@ -1,381 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
alt_prefix() {
is_crosscompile && echo /usr/${CTARGET}
}
if [[ ${EAPI:-0} == [012] ]] ; then
: ${ED:=${D}}
: ${EROOT:=${ROOT}}
fi
# This indirection is for binpkgs. #523332
_nonfatal() { nonfatal "$@" ; }
if [[ ${EAPI:-0} == [0123] ]] ; then
nonfatal() { "$@" ; }
_nonfatal() { "$@" ; }
fi
# We need to be able to set alternative headers for
# compiling for non-native platform
# Will also become useful for testing kernel-headers without screwing up
# the whole system.
# note: intentionally undocumented.
alt_headers() {
echo ${ALT_HEADERS:=$(alt_prefix)/usr/include}
}
alt_build_headers() {
if [[ -z ${ALT_BUILD_HEADERS} ]] ; then
ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)"
if tc-is-cross-compiler ; then
ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers)
if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then
local header_path=$(echo '#include <linux/version.h>' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h')
ALT_BUILD_HEADERS=${header_path%/linux/version.h}
fi
fi
fi
echo "${ALT_BUILD_HEADERS}"
}
alt_libdir() {
echo $(alt_prefix)/$(get_libdir)
}
alt_usrlibdir() {
echo $(alt_prefix)/usr/$(get_libdir)
}
builddir() {
echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1"
}
setup_target_flags() {
# This largely mucks with compiler flags. None of which should matter
# when building up just the headers.
just_headers && return 0
case $(tc-arch) in
x86)
# -march needed for #185404 #199334
# TODO: When creating the first glibc cross-compile, this test will
# always fail as it does a full link which in turn requires glibc.
# Probably also applies when changing multilib profile settings (e.g.
# enabling x86 when the profile was amd64-only previously).
# We could change main to _start and pass -nostdlib here so that we
# only test the gcc code compilation. Or we could do a compile and
# then look for the symbol via scanelf.
if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
local t=${CTARGET_OPT:-${CTARGET}}
t=${t%%-*}
filter-flags '-march=*'
export CFLAGS="-march=${t} ${CFLAGS}"
einfo "Auto adding -march=${t} to CFLAGS #185404"
fi
;;
amd64)
# -march needed for #185404 #199334
# Note: This test only matters when the x86 ABI is enabled, so we could
# optimize a bit and elide it.
# TODO: See cross-compile issues listed above for x86.
if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
local t=${CTARGET_OPT:-${CTARGET}}
t=${t%%-*}
# Normally the target is x86_64-xxx, so turn that into the -march that
# gcc actually accepts. #528708
[[ ${t} == "x86_64" ]] && t="x86-64"
filter-flags '-march=*'
# ugly, ugly, ugly. ugly.
CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}")
export CFLAGS_x86="${CFLAGS_x86} -march=${t}"
einfo "Auto adding -march=${t} to CFLAGS_x86 #185404"
fi
;;
mips)
# The mips abi cannot support the GNU style hashes. #233233
filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both
;;
ppc)
append-flags "-freorder-blocks"
;;
sparc)
# Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though.
filter-flags "-fcall-used-g7"
append-flags "-fcall-used-g6"
# If the CHOST is the basic one (e.g. not sparcv9-xxx already),
# try to pick a better one so glibc can use cpu-specific .S files.
# We key off the CFLAGS to get a good value. Also need to handle
# version skew.
# We can't force users to set their CHOST to their exact machine
# as many of these are not recognized by config.sub/gcc and such :(.
# Note: If the mcpu values don't scale, we might try probing CPP defines.
# Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ?
local cpu
case ${CTARGET} in
sparc64-*)
case $(get-flag mcpu) in
niagara[234])
if version_is_at_least 2.8 ; then
cpu="sparc64v2"
elif version_is_at_least 2.4 ; then
cpu="sparc64v"
elif version_is_at_least 2.2.3 ; then
cpu="sparc64b"
fi
;;
niagara)
if version_is_at_least 2.4 ; then
cpu="sparc64v"
elif version_is_at_least 2.2.3 ; then
cpu="sparc64b"
fi
;;
ultrasparc3)
cpu="sparc64b"
;;
*)
# We need to force at least v9a because the base build doesn't
# work with just v9.
# https://sourceware.org/bugzilla/show_bug.cgi?id=19477
[[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a"
;;
esac
;;
sparc-*)
case $(get-flag mcpu) in
niagara[234])
if version_is_at_least 2.8 ; then
cpu="sparcv9v2"
elif version_is_at_least 2.4 ; then
cpu="sparcv9v"
elif version_is_at_least 2.2.3 ; then
cpu="sparcv9b"
else
cpu="sparcv9"
fi
;;
niagara)
if version_is_at_least 2.4 ; then
cpu="sparcv9v"
elif version_is_at_least 2.2.3 ; then
cpu="sparcv9b"
else
cpu="sparcv9"
fi
;;
ultrasparc3)
cpu="sparcv9b"
;;
v9|ultrasparc)
cpu="sparcv9"
;;
v8|supersparc|hypersparc|leon|leon3)
cpu="sparcv8"
;;
esac
;;
esac
[[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}"
;;
esac
}
setup_flags() {
# Make sure host make.conf doesn't pollute us
if is_crosscompile || tc-is-cross-compiler ; then
CHOST=${CTARGET} strip-unsupported-flags
fi
# Store our CFLAGS because it's changed depending on which CTARGET
# we are building when pulling glibc on a multilib profile
CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}}
CFLAGS=${CFLAGS_BASE}
CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}}
CXXFLAGS=${CXXFLAGS_BASE}
ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}}
ASFLAGS=${ASFLAGS_BASE}
# Over-zealous CFLAGS can often cause problems. What may work for one
# person may not work for another. To avoid a large influx of bugs
# relating to failed builds, we strip most CFLAGS out to ensure as few
# problems as possible.
strip-flags
strip-unsupported-flags
filter-flags -m32 -m64 -mabi=*
# Bug 492892.
filter-flags -frecord-gcc-switches
unset CBUILD_OPT CTARGET_OPT
if use multilib ; then
CTARGET_OPT=$(get_abi_CTARGET)
[[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST)
fi
setup_target_flags
if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then
CBUILD_OPT=${CTARGET_OPT}
fi
# Lock glibc at -O2 -- linuxthreads needs it and we want to be
# conservative here. -fno-strict-aliasing is to work around #155906
filter-flags -O?
append-flags -O2 -fno-strict-aliasing
# Can't build glibc itself with fortify code. Newer versions add
# this flag for us, so no need to do it manually.
version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE
# building glibc with SSP is fraught with difficulty, especially
# due to __stack_chk_fail_local which would mean significant changes
# to the glibc build process. See bug #94325 #293721
# Note we have to handle both user-given CFLAGS and gcc defaults via
# spec rules here. We can't simply add -fno-stack-protector as it gets
# added before user flags, and we can't just filter-flags because
# _filter_hardened doesn't support globs.
filter-flags -fstack-protector*
gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector)
if use hardened && gcc-specs-pie ; then
# Force PIC macro definition for all compilations since they're all
# either -fPIC or -fPIE with the default-PIE compiler.
append-cppflags -DPIC
else
# Don't build -fPIE without the default-PIE compiler and the
# hardened-pie patch
filter-flags -fPIE
fi
}
want_nptl() {
[[ -z ${LT_VER} ]] && return 0
want_tls || return 1
use nptl || return 1
# Older versions of glibc had incomplete arch support for nptl.
# But if you're building those now, you can handle USE=nptl yourself.
return 0
}
want_linuxthreads() {
[[ -z ${LT_VER} ]] && return 1
use linuxthreads
}
want_tls() {
# Archs that can use TLS (Thread Local Storage)
case $(tc-arch) in
x86)
# requires i486 or better #106556
[[ ${CTARGET} == i[4567]86* ]] && return 0
return 1
;;
esac
return 0
}
want__thread() {
want_tls || return 1
# For some reason --with-tls --with__thread is causing segfaults on sparc32.
[[ ${PROFILE_ARCH} == "sparc" ]] && return 1
[[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD}
# only test gcc -- cant test linking yet
tc-has-tls -c ${CTARGET}
WANT__THREAD=$?
return ${WANT__THREAD}
}
use_multiarch() {
# Make sure binutils is new enough to support indirect functions #336792
# This funky sed supports gold and bfd linkers.
local bver nver
bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}')
case $(tc-arch ${CTARGET}) in
amd64|x86) nver="2.20" ;;
arm) nver="2.22" ;;
hppa) nver="2.23" ;;
ppc|ppc64) nver="2.20" ;;
# ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24.
s390) nver="2.24" ;;
sparc) nver="2.21" ;;
*) return 1 ;;
esac
version_is_at_least ${nver} ${bver}
}
# Setup toolchain variables that had historically
# been defined in the profiles for these archs.
setup_env() {
# silly users
unset LD_RUN_PATH
unset LD_ASSUME_KERNEL
if is_crosscompile || tc-is-cross-compiler ; then
multilib_env ${CTARGET_OPT:-${CTARGET}}
if ! use multilib ; then
MULTILIB_ABIS=${DEFAULT_ABI}
else
MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}}
fi
# If the user has CFLAGS_<CTARGET> in their make.conf, use that,
# and fall back on CFLAGS.
local VAR=CFLAGS_${CTARGET//[-.]/_}
CFLAGS=${!VAR-${CFLAGS}}
fi
setup_flags
export ABI=${ABI:-${DEFAULT_ABI:-default}}
local VAR=CFLAGS_${ABI}
# We need to export CFLAGS with abi information in them because glibc's
# configure script checks CFLAGS for some targets (like mips). Keep
# around the original clean value to avoid appending multiple ABIs on
# top of each other.
: ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})}
export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}"
}
foreach_abi() {
setup_env
local ret=0
local abilist=""
if use multilib ; then
abilist=$(get_install_abis)
else
abilist=${DEFAULT_ABI}
fi
evar_push ABI
export ABI
for ABI in ${abilist:-default} ; do
setup_env
einfo "Running $1 for ABI ${ABI}"
$1
: $(( ret |= $? ))
done
evar_pop
return ${ret}
}
just_headers() {
is_crosscompile && use crosscompile_opts_headers-only
}
glibc_banner() {
local b="Gentoo ${PVR}"
[[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}"
[[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}"
[[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}"
echo "${b}"
}

21
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit vendored
View File

@ -1,21 +0,0 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
eblit-glibc-pkg_postinst() {
# nothing to do if just installing headers
just_headers && return
if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then
# Generate fastloading iconv module configuration file.
"${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
fi
if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
# Reload init ... if in a chroot or a diff init package, ignore
# errors from this step #253697
/sbin/telinit U 2>/dev/null
## COREOS: locale-gen is not installed
fi
}

59
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit vendored
View File

@ -1,59 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
# Simple test to make sure our new glibc isnt completely broken.
# Make sure we don't test with statically built binaries since
# they will fail. Also, skip if this glibc is a cross compiler.
#
# If coreutils is built with USE=multicall, some of these files
# will just be wrapper scripts, not actual ELFs we can test.
glibc_sanity_check() {
cd / #228809
# We enter ${ED} so to avoid trouble if the path contains
# special characters; for instance if the path contains the
# colon character (:), then the linker will try to split it
# and look for the libraries in an unexpected place. This can
# lead to unsafe code execution if the generated prefix is
# within a world-writable directory.
# (e.g. /var/tmp/portage:${HOSTNAME})
pushd "${ED}"/$(get_libdir) >/dev/null
local x striptest
for x in cal date env free ls true uname uptime ; do
x=$(type -p ${x})
[[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue
striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue
case ${striptest} in
*"statically linked"*) continue;;
*"ASCII text"*) continue;;
esac
# We need to clear the locale settings as the upgrade might want
# incompatible locale data. This test is not for verifying that.
LC_ALL=C \
./ld-*.so --library-path . ${x} > /dev/null \
|| die "simple run test (${x}) failed"
done
popd >/dev/null
}
eblit-glibc-pkg_preinst() {
# nothing to do if just installing headers
just_headers && return
# prepare /etc/ld.so.conf.d/ for files
mkdir -p "${EROOT}"/etc/ld.so.conf.d
## COREOS: host.conf is not installed
[[ ${ROOT} != "/" ]] && return 0
[[ -d ${ED}/$(get_libdir) ]] || return 0
[[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check
# For newer EAPIs, this was run in pkg_pretend.
if [[ ${EAPI:-0} == [0123] ]] ; then
check_devpts
fi
}

137
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit vendored
View File

@ -1,137 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
glibc_compile_test() {
local ret save_cflags=${CFLAGS}
CFLAGS+=" $1"
shift
pushd "${T}" >/dev/null
rm -f glibc-test*
printf '%b' "$*" > glibc-test.c
_nonfatal emake -s glibc-test
ret=$?
popd >/dev/null
CFLAGS=${save_cflags}
return ${ret}
}
glibc_run_test() {
local ret
if [[ ${EMERGE_FROM} == "binary" ]] ; then
# ignore build failures when installing a binary package #324685
glibc_compile_test "" "$@" 2>/dev/null || return 0
else
if ! glibc_compile_test "" "$@" ; then
ewarn "Simple build failed ... assuming this is desired #324685"
return 0
fi
fi
pushd "${T}" >/dev/null
./glibc-test
ret=$?
rm -f glibc-test*
popd >/dev/null
return ${ret}
}
check_devpts() {
## COREOS: Ignore /dev/pts settings, the chroot has no control over them.
return 0
}
eblit-glibc-pkg_pretend() {
# For older EAPIs, this is run in pkg_preinst.
if [[ ${EAPI:-0} != [0123] ]] ; then
check_devpts
fi
# Prevent native builds from downgrading.
if [[ ${MERGE_TYPE} != "buildonly" ]] && \
[[ ${ROOT} == "/" ]] && \
[[ ${CBUILD} == ${CHOST} ]] && \
[[ ${CHOST} == ${CTARGET} ]] ; then
# The high rev # is to allow people to downgrade between -r# versions.
# We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine.
# Hopefully we never actually use a r# this high.
if has_version ">${CATEGORY}/${P}-r10000" ; then
eerror "Sanity check to keep you from breaking your system:"
eerror " Downgrading glibc is not supported and a sure way to destruction"
die "aborting to save your system"
fi
if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n'
then
eerror "Your patched vendor kernel is broken. You need to get an"
eerror "update from whoever is providing the kernel to you."
eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227"
eerror "http://bugs.gentoo.org/262698"
die "keeping your system alive, say thank you"
fi
if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n'
then
eerror "Your old kernel is broken. You need to update it to"
eerror "a newer version as syscall(<bignum>) will break."
eerror "http://bugs.gentoo.org/279260"
die "keeping your system alive, say thank you"
fi
fi
# users have had a chance to phase themselves, time to give em the boot
if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then
eerror "You still haven't deleted ${EROOT}/etc/locales.build."
eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher."
die "lazy upgrader detected"
fi
if [[ ${CTARGET} == i386-* ]] ; then
eerror "i386 CHOSTs are no longer supported."
eerror "Chances are you don't actually want/need i386."
eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml"
die "please fix your CHOST"
fi
if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
ewarn "This will result in a 50% performance penalty when running with a 32bit"
ewarn "hypervisor, which is probably not what you want."
fi
use hardened && ! gcc-specs-pie && \
ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
# Make sure host system is up to date #394453
if has_version '<sys-libs/glibc-2.13' && \
[[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]]
then
ebegin "Scanning system for __guard to see if you need to rebuild first ..."
local files=$(
scanelf -qys__guard -F'#s%F' \
"${EROOT}"/*bin/ \
"${EROOT}"/lib* \
"${EROOT}"/usr/*bin/ \
"${EROOT}"/usr/lib* | \
egrep -v \
-e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \
-e "^${EROOT}/sbin/(ldconfig|sln)$"
)
[[ -z ${files} ]]
if ! eend $? ; then
eerror "Your system still has old SSP __guard symbols. You need to"
eerror "rebuild all the packages that provide these files first:"
eerror "${files}"
die "old __guard detected"
fi
fi
}

9
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_setup.eblit vendored
View File

@ -1,9 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
[[ ${EAPI:-0} == [0123] ]] && source "${FILESDIR}/eblits/pkg_pretend.eblit"
eblit-glibc-pkg_setup() {
[[ ${EAPI:-0} == [0123] ]] && eblit-glibc-pkg_pretend
}

35
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_compile.eblit vendored
View File

@ -1,35 +0,0 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_configure.eblit"
toolchain-glibc_src_compile() {
local t
for t in linuxthreads nptl ; do
if want_${t} ; then
[[ ${EAPI:-0} == [01] ]] && glibc_do_configure ${t}
emake -C "$(builddir ${t})" || die "make ${t} for ${ABI} failed"
fi
done
}
## COREOS: fix compilation of cross-rpcgen during compiler bootstrap
toolchain-glibc_headers_compile() {
[[ ${EAPI:-0} == [01] ]] && toolchain-glibc_headers_configure
tc-export_build_env
local builddir=$(builddir "headers")
cd "${builddir}"
emake -C "${S}/sunrpc" subdir=sunrpc objdir="${builddir}" \
"${builddir}/sunrpc/cross-rpcgen" || die "make cross-rpcgen failed"
}
eblit-glibc-src_compile() {
if just_headers ; then
[[ ${EAPI:-0} == [01] ]] && toolchain-glibc_headers_configure
return
fi
foreach_abi toolchain-glibc_src_compile
}

282
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_configure.eblit vendored
View File

@ -1,282 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
dump_toolchain_settings() {
echo
einfo "$*"
local v
for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC LD {AS,C,CPP,CXX,LD}FLAGS ; do
einfo " $(printf '%15s' ${v}:) ${!v}"
done
# The glibc configure script doesn't properly use LDFLAGS all the time.
export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}"
einfo " $(printf '%15s' 'Manual CC:') ${CC}"
echo
}
glibc_do_configure() {
# Glibc does not work with gold (for various reasons) #269274.
tc-ld-disable-gold
dump_toolchain_settings "Configuring glibc for $1"
local myconf=()
# set addons
pushd "${S}" > /dev/null
local addons=$(echo */configure | sed \
-e 's:/configure::g' \
-e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \
-e 's: \+$::' \
-e 's! !,!g' \
-e 's!^!,!' \
-e '/^,\*$/d')
[[ -d ports ]] && addons+=",ports"
popd > /dev/null
myconf+=( $(use_enable hardened stackguard-randomization) )
if has_version '<sys-libs/glibc-2.13' ; then
myconf+=( --enable-old-ssp-compat )
fi
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
if [[ $1 == "linuxthreads" ]] ; then
if want_tls ; then
myconf+=( --with-tls )
if ! want__thread || use glibc-compat20 || [[ ${LT_KER_VER} == 2.[02].* ]] ; then
myconf+=( --without-__thread )
else
myconf+=( --with-__thread )
fi
else
myconf+=( --without-tls --without-__thread )
fi
myconf+=( --disable-sanity-checks )
addons="linuxthreads${addons}"
myconf+=( --enable-kernel=${LT_KER_VER} )
elif [[ $1 == "nptl" ]] ; then
# Newer versions require nptl, so there is no addon for it.
version_is_at_least 2.20 || addons="nptl${addons}"
myconf+=( --enable-kernel=${NPTL_KERN_VER} )
else
die "invalid pthread option"
fi
myconf+=( --enable-add-ons="${addons#,}" )
# Since SELinux support is only required for nscd, only enable it if:
# 1. USE selinux
# 2. only for the primary ABI on multilib systems
# 3. Not a crosscompile
if ! is_crosscompile && use selinux ; then
if use multilib ; then
if is_final_abi ; then
myconf+=( --with-selinux )
else
myconf+=( --without-selinux )
fi
else
myconf+=( --with-selinux )
fi
else
myconf+=( --without-selinux )
fi
# Force a few tests where we always know the answer but
# configure is incapable of finding it.
if is_crosscompile ; then
export \
libc_cv_c_cleanup=yes \
libc_cv_forced_unwind=yes
fi
myconf+=(
--without-cvs
--disable-werror
--enable-bind-now
--build=${CBUILD_OPT:-${CBUILD}}
--host=${CTARGET_OPT:-${CTARGET}}
$(use_enable profile)
$(use_with gd)
--with-headers=$(alt_build_headers)
--prefix="${EPREFIX}/usr"
--sysconfdir="${EPREFIX}/etc"
--localstatedir="${EPREFIX}/var"
--libdir='$(prefix)'/$(get_libdir)
--mandir='$(prefix)'/share/man
--infodir='$(prefix)'/share/info
--libexecdir='$(libdir)'/misc/glibc
--with-bugurl=http://bugs.gentoo.org/
--with-pkgversion="$(glibc_banner)"
$(use_multiarch || echo --disable-multi-arch)
$(in_iuse rpc && use_enable rpc obsolete-rpc || echo --enable-obsolete-rpc)
$(in_iuse systemtap && use_enable systemtap)
$(in_iuse nscd && use_enable nscd)
${EXTRA_ECONF}
)
# We rely on sys-libs/timezone-data for timezone tools normally.
if version_is_at_least 2.23 ; then
myconf+=( $(use_enable vanilla timezone-tools) )
fi
# These libs don't have configure flags.
ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no)
ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no)
# There is no configure option for this and we need to export it
# since the glibc build will re-run configure on itself
export libc_cv_rootsbindir="${EPREFIX}/sbin"
export libc_cv_slibdir="${EPREFIX}/$(get_libdir)"
# We take care of patching our binutils to use both hash styles,
# and many people like to force gnu hash style only, so disable
# this overriding check. #347761
export libc_cv_hashstyle=no
# Overtime, generating info pages can be painful. So disable this for
# versions older than the latest stable to avoid the issue (this ver
# should be updated from time to time). #464394 #465816
if ! version_is_at_least 2.17 ; then
export ac_cv_prog_MAKEINFO=:
fi
local builddir=$(builddir "$1")
mkdir -p "${builddir}"
cd "${builddir}"
set -- "${S}"/configure "${myconf[@]}"
echo "$@"
"$@" || die "failed to configure glibc"
# ia64 static cross-compilers are a pita in so much that they
# can't produce static ELFs (as the libgcc.a is broken). so
# disable building of the programs for those targets if it
# doesn't work.
# XXX: We could turn this into a compiler test, but ia64 is
# the only one that matters, so this should be fine for now.
if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then
sed -i '1i+link-static = touch $@' config.make
fi
# If we're trying to migrate between ABI sets, we need
# to lie and use a local copy of gcc. Like if the system
# is built with MULTILIB_ABIS="amd64 x86" but we want to
# add x32 to it, gcc/glibc don't yet support x32.
if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then
echo 'main(){}' > "${T}"/test.c
if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then
sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die
mkdir -p sunrpc
cp $(which rpcgen) sunrpc/cross-rpcgen || die
touch -t 202001010101 sunrpc/cross-rpcgen || die
fi
fi
}
toolchain-glibc_headers_configure() {
export ABI=default
local builddir=$(builddir "headers")
mkdir -p "${builddir}"
cd "${builddir}"
# if we don't have a compiler yet, we cant really test it now ...
# hopefully they don't affect header geneation, so let's hope for
# the best here ...
local v vars=(
ac_cv_header_cpuid_h=yes
libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes
libc_cv_asm_cfi_directives=yes
libc_cv_broken_visibility_attribute=no
libc_cv_c_cleanup=yes
libc_cv_forced_unwind=yes
libc_cv_gcc___thread=yes
libc_cv_mlong_double_128=yes
libc_cv_mlong_double_128ibm=yes
libc_cv_ppc_machine=yes
libc_cv_ppc_rel16=yes
libc_cv_predef_{fortify_source,stack_protector}=no
libc_cv_visibility_attribute=yes
libc_cv_z_combreloc=yes
libc_cv_z_execstack=yes
libc_cv_z_initfirst=yes
libc_cv_z_nodelete=yes
libc_cv_z_nodlopen=yes
libc_cv_z_relro=yes
libc_mips_abi=${ABI}
libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard)
# These libs don't have configure flags.
ac_cv_lib_audit_audit_log_user_avc_message=no
ac_cv_lib_cap_cap_init=no
)
einfo "Forcing cached settings:"
for v in "${vars[@]}" ; do
einfo " ${v}"
export ${v}
done
# Blow away some random CC settings that screw things up. #550192
if [[ -d ${S}/sysdeps/mips ]]; then
pushd "${S}"/sysdeps/mips >/dev/null
sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die
sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die
if version_is_at_least 2.21 ; then
# Force the mips ABI to the default. This is OK because the set of
# installed headers in this phase is the same between the 3 ABIs.
# If this ever changes, this hack will break, but that's unlikely
# as glibc discourages that behavior.
# https://crbug.com/647033
sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die
fi
popd >/dev/null
fi
local myconf=()
myconf+=(
--disable-sanity-checks
--enable-hacker-mode
--without-cvs
--disable-werror
--enable-bind-now
--build=${CBUILD_OPT:-${CBUILD}}
--host=${CTARGET_OPT:-${CTARGET}}
--with-headers=$(alt_build_headers)
--prefix="${EPREFIX}/usr"
${EXTRA_ECONF}
)
local addons
[[ -d ${S}/ports ]] && addons+=",ports"
# Newer versions require nptl, so there is no addon for it.
version_is_at_least 2.20 || addons+=",nptl"
myconf+=( --enable-add-ons="${addons#,}" )
# Nothing is compiled here which would affect the headers for the target.
# So forcing CC/CFLAGS is sane.
set -- "${S}"/configure "${myconf[@]}"
echo "$@"
CC="$(tc-getBUILD_CC)" \
CFLAGS="-O1 -pipe" \
CPPFLAGS="-U_FORTIFY_SOURCE" \
LDFLAGS="" \
"$@" || die "failed to configure glibc"
}
toolchain-glibc_src_configure() {
if just_headers ; then
toolchain-glibc_headers_configure
else
want_linuxthreads && glibc_do_configure linuxthreads
want_nptl && glibc_do_configure nptl
fi
}
eblit-glibc-src_configure() {
foreach_abi toolchain-glibc_src_configure
}

231
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit vendored
View File

@ -1,231 +0,0 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
toolchain-glibc_src_install() {
local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl))
cd "${builddir}"
emake install_root="${D}$(alt_prefix)" install || die
if want_linuxthreads && want_nptl ; then
einfo "Installing NPTL to $(alt_libdir)/tls/..."
cd "$(builddir nptl)"
dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl
local l src_lib
for l in libc libm librt libpthread libthread_db ; do
# take care of shared lib first ...
l=${l}.so
if [[ -e ${l} ]] ; then
src_lib=${l}
else
src_lib=$(eval echo */${l})
fi
cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}"
fperms a+rx $(alt_libdir)/tls/${l}
dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib})
# then grab the linker script or the symlink ...
if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then
dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l}
else
sed \
-e "s:/${l}:/tls/${l}:g" \
-e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \
"${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l}
fi
# then grab the static lib ...
src_lib=${src_lib/%.so/.a}
[[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a}
cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
src_lib=${src_lib/%.a/_nonshared.a}
if [[ -e ${src_lib} ]] ; then
cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
fi
done
# use the nptl linker instead of the linuxthreads one as the linuxthreads
# one may lack TLS support and that can be really bad for business
cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp"
fi
# Newer versions get fancy with libm linkage to include vectorized support.
# While we don't really need a ldscript here, portage QA checks get upset.
if [[ -e ${ED}$(alt_usrlibdir)/libm-${PV}.a ]] ; then
dosym ../../$(get_libdir)/libm-${PV}.so $(alt_usrlibdir)/libm-${PV}.so
fi
# We'll take care of the cache ourselves
rm -f "${ED}"/etc/ld.so.cache
# Everything past this point just needs to be done once ...
is_final_abi || return 0
# Make sure the non-native interp can be found on multilib systems even
# if the main library set isn't installed into the right place. Maybe
# we should query the active gcc for info instead of hardcoding it ?
local i ldso_abi ldso_name
local ldso_abi_list=(
# x86
amd64 /lib64/ld-linux-x86-64.so.2
x32 /libx32/ld-linux-x32.so.2
x86 /lib/ld-linux.so.2
# mips
o32 /lib/ld.so.1
n32 /lib32/ld.so.1
n64 /lib64/ld.so.1
# powerpc
ppc /lib/ld.so.1
ppc64 /lib64/ld64.so.1
# s390
s390 /lib/ld.so.1
s390x /lib/ld64.so.1
# sparc
sparc32 /lib/ld-linux.so.2
sparc64 /lib64/ld-linux.so.2
)
case $(tc-endian) in
little)
ldso_abi_list+=(
# arm
arm64 /lib/ld-linux-aarch64.so.1
)
;;
big)
ldso_abi_list+=(
# arm
arm64 /lib/ld-linux-aarch64_be.so.1
)
;;
esac
if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then
dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib
fi
for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do
ldso_abi=${ldso_abi_list[i]}
has ${ldso_abi} $(get_install_abis) || continue
ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}"
if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then
dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name}
fi
done
# With devpts under Linux mounted properly, we do not need the pt_chown
# binary to be setuid. This is because the default owners/perms will be
# exactly what we want.
if in_iuse suid && ! use suid ; then
find "${ED}" -name pt_chown -exec chmod -s {} +
fi
#################################################################
# EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY #
# Make sure we install some symlink hacks so that when we build
# a 2nd stage cross-compiler, gcc finds the target system
# headers correctly. See gcc/doc/gccinstall.info
if is_crosscompile ; then
# We need to make sure that /lib and /usr/lib always exists.
# gcc likes to use relative paths to get to its multilibs like
# /usr/lib/../lib64/. So while we don't install any files into
# /usr/lib/, we do need it to exist.
cd "${ED}"$(alt_libdir)/..
[[ -e lib ]] || mkdir lib
cd "${ED}"$(alt_usrlibdir)/..
[[ -e lib ]] || mkdir lib
dosym usr/include $(alt_prefix)/sys-include
return 0
fi
## COREOS ##
# For reference, the rest of this function has been modified to do:
# - The SDK just gets the full locale archive, no need for locale-gen.
# - CoreOS targets (which are cross compiled) don't get any locales.
# - Config files are installed by baselayout, not glibc.
# - Install nscd/systemd stuff in /usr.
if ! tc-is-cross-compiler ; then
emake install_root="${D}$(alt_prefix)" localedata/install-locales || die
# Sanity check the above command worked
[[ -f ${ED}/usr/$(get_libdir)/locale/locale-archive ]] || die
else
keepdir /usr/$(get_libdir)/locale
fi
# Make sure all the ABI's can find the locales and so we only
# have to generate one set
local a
for a in $(get_install_abis) ; do
if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then
dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale
fi
done
# Clean out any default configs
rm -rf "${ED}"/etc
cd "${S}"
# Install misc network config files
insinto /usr/share/baselayout
doins nscd/nscd.conf || die
if ! in_iuse nscd || use nscd ; then
systemd_dounit nscd/nscd.service || die
systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die
systemd_newtmpfilesd "${FILESDIR}"/nscd-conf.tmpfiles nscd-conf.conf || die
fi
echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc
doenvd "${T}"/00glibc || die
for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do
[[ -s ${d} ]] && dodoc ${d}
done
}
toolchain-glibc_headers_install() {
local builddir=$(builddir "headers")
cd "${builddir}"
emake install_root="${D}$(alt_prefix)" install-headers || die
if ! version_is_at_least 2.16 ; then
insinto $(alt_headers)/bits
doins bits/stdio_lim.h || die
fi
insinto $(alt_headers)/gnu
doins "${S}"/include/gnu/stubs.h || die "doins include gnu"
# Make sure we install the sys-include symlink so that when
# we build a 2nd stage cross-compiler, gcc finds the target
# system headers correctly. See gcc/doc/gccinstall.info
dosym usr/include $(alt_prefix)/sys-include
}
src_strip() {
# gdb is lame and requires some debugging information to remain in
# libpthread, so we need to strip it by hand. libthread_db makes no
# sense stripped as it is only used when debugging.
local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}")
env \
-uRESTRICT \
CHOST=${CTARGET} \
STRIP_MASK="/*/{,tls/}${pthread}*" \
prepallstrip
# if user has stripping enabled and does not have split debug turned on,
# then leave the debugging sections in libpthread.
if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then
${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so
fi
}
eblit-glibc-src_install() {
if just_headers ; then
export ABI=default
toolchain-glibc_headers_install
return
fi
foreach_abi toolchain-glibc_src_install
src_strip
}

65
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit vendored
View File

@ -1,65 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
eblit-glibc-src_prepare() {
# XXX: We should do the branchupdate, before extracting the manpages and
# infopages else it does not help much (mtimes change if there is a change
# to them with branchupdate)
if [[ -n ${BRANCH_UPDATE} ]] ; then
epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
# Snapshot date patch
einfo "Patching version to display snapshot date ..."
sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h
fi
# tag, glibc is it
if ! version_is_at_least 2.17 ; then
[[ -e csu/Banner ]] && die "need new banner location"
glibc_banner > csu/Banner
fi
if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then
EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \
EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \
EPATCH_SUFFIX="patch" \
ARCH=$(tc-arch) \
epatch "${WORKDIR}"/patches
fi
if just_headers ; then
if [[ -e ports/sysdeps/mips/preconfigure ]] ; then
# mips peeps like to screw with us. if building headers,
# we don't have a real compiler, so we can't let them
# insert -mabi on us.
sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die
find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} +
fi
fi
epatch_user
gnuconfig_update
# Glibc is stupid sometimes, and doesn't realize that with a
# static C-Only gcc, -lgcc_eh doesn't exist.
# https://sourceware.org/ml/libc-alpha/2003-09/msg00100.html
# https://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
# But! Finally fixed in recent versions:
# https://sourceware.org/ml/libc-alpha/2012-05/msg01865.html
if ! version_is_at_least 2.16 ; then
echo 'int main(){}' > "${T}"/gcc_eh_test.c
if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then
sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh"
fi
fi
cd "${WORKDIR}"
find . -type f '(' -size 0 -o -name "*.orig" ')' -delete
find . -name configure -exec touch {} +
eprefixify extra/locale/locale-gen
# Fix permissions on some of the scripts.
chmod u+x "${S}"/scripts/*.sh
}

30
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit vendored
View File

@ -1,30 +0,0 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
glibc_src_test() {
cd "$(builddir $1)"
nonfatal emake -j1 check && return 0
einfo "make check failed - re-running with --keep-going to get the rest of the results"
nonfatal emake -j1 -k check
ewarn "make check failed for ${ABI}-${CTARGET}-$1"
return 1
}
toolchain-glibc_src_test() {
local ret=0 t
for t in linuxthreads nptl ; do
if want_${t} ; then
glibc_src_test ${t}
: $(( ret |= $? ))
fi
done
return ${ret}
}
eblit-glibc-src_test() {
# Give tests more time to complete.
export TIMEOUTFACTOR=5
foreach_abi toolchain-glibc_src_test || die "tests failed"
}

121
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit vendored
View File

@ -1,121 +0,0 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit"
int_to_KV() {
local version=$1 major minor micro
major=$((version / 65536))
minor=$(((version % 65536) / 256))
micro=$((version % 256))
echo ${major}.${minor}.${micro}
}
eend_KV() {
[[ $(KV_to_int $1) -ge $(KV_to_int $2) ]]
eend $?
}
get_kheader_version() {
printf '#include <linux/version.h>\nLINUX_VERSION_CODE\n' | \
$(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \
tail -n 1
}
check_nptl_support() {
# don't care about the compiler here as we arent using it
just_headers && return
local run_kv build_kv want_kv
run_kv=$(int_to_KV $(get_KV))
build_kv=$(int_to_KV $(get_kheader_version))
want_kv=${NPTL_KERN_VER}
ebegin "Checking gcc for __thread support"
if ! eend $(want__thread ; echo $?) ; then
echo
eerror "Could not find a gcc that supports the __thread directive!"
eerror "Please update your binutils/gcc and try again."
die "No __thread support in gcc!"
fi
if ! is_crosscompile && ! tc-is-cross-compiler ; then
# Building fails on an non-supporting kernel
ebegin "Checking kernel version (${run_kv} >= ${want_kv})"
if ! eend_KV ${run_kv} ${want_kv} ; then
echo
eerror "You need a kernel of at least ${want_kv} for NPTL support!"
die "Kernel version too low!"
fi
fi
ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})"
if ! eend_KV ${build_kv} ${want_kv} ; then
echo
eerror "You need linux-headers of at least ${want_kv} for NPTL support!"
die "linux-headers version too low!"
fi
}
unpack_pkg() {
local a=${PN}
[[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}"
[[ -n $1 ]] && a="${a}-$1"
if [[ -n ${SNAP_VER} ]] ; then
a="${a}-${SNAP_VER}"
else
if [[ -n $2 ]] ; then
a="${a}-$2"
else
a="${a}-${RELEASE_VER}"
fi
fi
if has ${a}.tar.xz ${A} ; then
unpacker ${a}.tar.xz
else
unpack ${a}.tar.bz2
fi
[[ -n $1 ]] && { mv ${a} $1 || die ; }
}
toolchain-glibc_src_unpack() {
# Check NPTL support _before_ we unpack things to save some time
want_nptl && check_nptl_support
if [[ -n ${EGIT_REPO_URIS} ]] ; then
local i d
for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do
EGIT_REPO_URI=${EGIT_REPO_URIS[$i]}
EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]}
git-2_src_unpack
done
else
unpack_pkg
fi
cd "${S}"
touch locale/C-translit.h #185476 #218003
[[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER}
[[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER}
[[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn
if [[ -n ${PATCH_VER} ]] ; then
cd "${WORKDIR}"
unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
# pull out all the addons
local d
for d in extra/*/configure ; do
d=${d%/configure}
[[ -d ${S}/${d} ]] && die "${d} already exists in \${S}"
mv "${d}" "${S}" || die "moving ${d} failed"
done
fi
}
eblit-glibc-src_unpack() {
setup_env
toolchain-glibc_src_unpack
[[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare
}

133
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild → sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild vendored
View File

@ -1,16 +1,15 @@
# Copyright 1999-2017 Gentoo Foundation
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
EAPI="5"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix
inherit toolchain-glibc
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86"
KEYWORDS="alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
@ -27,10 +26,16 @@ case ${PV} in
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="8" # Gentoo patchset
# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/
PATCH_VER="15" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
GLIBC_PATCH_EXCLUDE+=" 0005_all_sys-types.h-drop-sys-sysmacros.h-include.patch"
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla headers-only"
# Drop this after updating profiles.
IUSE+=" crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
@ -71,6 +76,7 @@ COMMON_DEPEND="
) )
suid? ( caps? ( sys-libs/libcap ) )
selinux? ( sys-libs/libselinux )
systemtap? ( dev-util/systemtap )
"
DEPEND="${COMMON_DEPEND}
>=app-misc/pax-utils-0.1.10
@ -82,7 +88,7 @@ RDEPEND="${COMMON_DEPEND}
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
DEPEND+=" !headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.7
)"
@ -100,7 +106,7 @@ upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
local devspace="HTTP~vapier/dist/URI HTTP~dilfridge/distfiles/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
@ -110,70 +116,21 @@ SRC_URI=$(
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
src_unpack() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
toolchain-glibc_src_unpack
}
eblit-src_prepare-post() {
src_prepare() {
toolchain-glibc_src_prepare
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
## COREOS: features and bug fixes missing from the Gentoo patch set.
epatch "${FILESDIR}"/2.23/glibc-2.23-gshadow-handle-erange.patch
epatch "${FILESDIR}"/2.23/glibc-2.23-c-utf8-locale.patch
epatch "${FILESDIR}"/2.23/glibc-2.23-pthread-use-after-free.patch
epatch "${FILESDIR}"/2.23/glibc-2.23-binutils-update.patch
## COREOS: Apply features and fixes missing from the Gentoo patch set.
epatch "${FILESDIR}"/${PV}/${P}-gshadow-handle-erange.patch
epatch "${FILESDIR}"/${PV}/${P}-c-utf8-locale.patch
if use hardened ; then
# We don't enable these for non-hardened as the output is very terse --
@ -181,7 +138,7 @@ eblit-src_prepare-post() {
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
@ -190,11 +147,6 @@ eblit-src_prepare-post() {
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
@ -205,3 +157,38 @@ eblit-src_prepare-post() {
;;
esac
}
## COREOS: Redefine some eclass-provided functions for local changes.
# For reference, this function has been modified to do:
# - Config files are installed by baselayout, not glibc.
# - Install nscd/systemd stuff in /usr.
src_install() {
toolchain-glibc_src_install "$@"
# Work around #627378 on the boards.
if [[ ${ROOT:-/} =~ ^/build/ ]] ; then
local libm=("${ED}"/usr/lib*/libm-${PV}.so)
libm="${libm[0]:${#ED}}"
if [ -h "${ED}$libm" ] ; then
rm -f "${ED}$libm"
mv "${ED}${libm#/usr}" "${ED}$libm"
fi
fi
# Use tmpfiles to put nscd.conf in /etc and create directories.
insinto /usr/share/baselayout
if ! in_iuse nscd || use nscd ; then
doins "${S}"/nscd/nscd.conf || die
systemd_newtmpfilesd "${FILESDIR}"/nscd-conf.tmpfiles nscd-conf.conf || die
fi
# Clean out any default configs.
rm -rf "${ED}"/etc
# Restore this one for the SDK.
test ! -e "${T}"/00glibc || doenvd "${T}"/00glibc
}
# Ignore /dev/pts settings, since the chroot has no control over them.
check_devpts() { : ; }

3
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml vendored
View File

@ -6,10 +6,11 @@
<name>Gentoo Toolchain Project</name>
</maintainer>
<use>
<flag name="compile-locales">build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow</flag>
<flag name="debug">When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)</flag>
<flag name="gd">build memusage and memusagestat tools</flag>
<flag name="nscd">Build, and enable support for, the Name Service Cache Daemon</flag>
<flag name="rpc">Enable obsolete RPC/NIS layers (disabling is experimental -- see bug 381391)</flag>
<flag name="rpc">Enable obsolete RPC/NIS layers</flag>
<flag name="suid">Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag>
<flag name="systemtap">enable systemtap static probe points</flag>
</use>