1 |
commit: d93339d7f5bfe90901a8c6921d1c221b54c8302a |
2 |
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Oct 27 23:30:07 2017 +0000 |
4 |
Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Oct 27 23:30:19 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93339d7 |
7 |
|
8 |
sys-libs/glibc: Revision bump to 2.25 patchlevel 12, unkeyworded so far |
9 |
|
10 |
Resolves CVE-2017-15670, CVE-2017-15804, CVE-2016-6261 |
11 |
|
12 |
Bug: https://bugs.gentoo.org/634920 |
13 |
Bug: https://bugs.gentoo.org/635010 |
14 |
Bug: https://bugs.gentoo.org/635118 |
15 |
Package-Manager: Portage-2.3.13, Repoman-2.3.4 |
16 |
|
17 |
sys-libs/glibc/Manifest | 1 + |
18 |
sys-libs/glibc/glibc-2.25-r9.ebuild | 154 ++++++++++++++++++++++++++++++++++++ |
19 |
2 files changed, 155 insertions(+) |
20 |
|
21 |
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest |
22 |
index 88147f03cd5..d47efc91130 100644 |
23 |
--- a/sys-libs/glibc/Manifest |
24 |
+++ b/sys-libs/glibc/Manifest |
25 |
@@ -17,6 +17,7 @@ DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa |
26 |
DIST glibc-2.24-patches-10.tar.bz2 73586 SHA256 d479033b63ff796fea56fb1bde390c442021acd856994b15c983b4a89e46fbbe SHA512 fc9191a85da53a2515bbaab228648936682e04267284049468e0c82284f618ab2907b9247baca701e16edc50640199ff6d8e2a6a93ccbd5a9d3b0eb73cc484ca WHIRLPOOL 7afe94307900a70de2f5e028d8ec9e0f4b06b661ec6493217e51a13d750f891e10b45c0f66d86fa83c16cc3ce539bb257039b33bc3e363469cd03502d956d75e |
27 |
DIST glibc-2.24.tar.xz 13554048 SHA256 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3 SHA512 a4cb28a2c51a0cc029ed69da7cba11931a615ba897235590b4f7fad2eaabec9042f8250eaac2a5860997437a69ab13304f10a634000e52c0336b5593b7969adb WHIRLPOOL be82b47fc73f7e780e8e73a5f58b313d8e861d5ea8c4320f95ef0d8c1e125ff011d61dcfc0380be0e83868bd8c3299de1ea662da7fc8d709050e89b2c126e3eb |
28 |
DIST glibc-2.25-patches-11.tar.bz2 64221 SHA256 38c76c844238a7bbaecc85b359e67af6a98a1614f3196f25d85f83dec4358e99 SHA512 cbbbca9653f55f0cb3b73c38c979cb439c87b172819f3e999d2b435d59cd2bef2c89f11a398300c53f447ad433ee87f47a0f3e890c78f8694705c788455325dd WHIRLPOOL e61203ac129d7283f3beda1421e1365da58c229bcb6b6a1f8b71755d9ea0e2bfb64b8be69ab7698861a593d4b98ab6163d574f3c215fba0a0d9e6a1b15d2eed5 |
29 |
+DIST glibc-2.25-patches-12.tar.bz2 65396 SHA256 60a8901ceab4066661285cdbf7559d3a1f66bf468c5c1a5ecdde7f8ead282d3e SHA512 6af8c304ba70b42dfda294873d9a138d6c98e7a46496e305b2cac99a085d1ad3d00315162d1e1458e651de95e158bd35be74406a3f44fde13182e30baa663fcb WHIRLPOOL 96684d379d65ca6e4da7d397d4b803e0b0516080223de86080d6bbf3cae6a17b9fc8922d6fc2071b3116f35136378d85eb6671c7d9f7cf0f2135b66d1573bb90 |
30 |
DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953 |
31 |
DIST glibc-2.26-patches-2.tar.bz2 68040 SHA256 c40f03059d389fd8b22b54f83c0a669c44a38ee84cc359cb86d8f6dbdd1b957f SHA512 2b54d6e33b29d5ee5e4d4b64f299bf15e22ece5ce6555dafe43fd97ec8a2d9ef0645075ff24dc593ec6f89e02caf40c25a72af93ecd11113fba77268ccf486e2 WHIRLPOOL 59c54cdd2e3e64091dd206ad6b5ff467eff6c0d7f8ef5ab11504a4e6cfe958f762b9de2fbe8b6004a9e19963520a84a493ccf03908a78ea0a452dbc28e0df1e5 |
32 |
DIST glibc-2.26.tar.xz 14682748 SHA256 e54e0a934cd2bc94429be79da5e9385898d2306b9eaf3c92d5a77af96190f6bd SHA512 6ed368523bc55f00976f96c5177f114e3f714b27273d7bffc252812c8b98fb81970403c1f5b5f0a61da678811532fb446530745492d2b49bfefc0d5bd71ce8c0 WHIRLPOOL 9091c3bccc9b590de6b9595aa391ba01091f0c301bd9199d7c48fbeaeeb013ec9c683c68b65b59c5a69e3905b7f842cca1b0a410431967ecb3a1229b8535486f |
33 |
|
34 |
diff --git a/sys-libs/glibc/glibc-2.25-r9.ebuild b/sys-libs/glibc/glibc-2.25-r9.ebuild |
35 |
new file mode 100644 |
36 |
index 00000000000..89b790eb79c |
37 |
--- /dev/null |
38 |
+++ b/sys-libs/glibc/glibc-2.25-r9.ebuild |
39 |
@@ -0,0 +1,154 @@ |
40 |
+# Copyright 1999-2017 Gentoo Foundation |
41 |
+# Distributed under the terms of the GNU General Public License v2 |
42 |
+ |
43 |
+EAPI="5" |
44 |
+ |
45 |
+inherit toolchain-glibc |
46 |
+ |
47 |
+DESCRIPTION="GNU libc6 (also called glibc2) C library" |
48 |
+HOMEPAGE="https://www.gnu.org/software/libc/libc.html" |
49 |
+ |
50 |
+LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" |
51 |
+#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
52 |
+KEYWORDS="" |
53 |
+RESTRICT="strip" # strip ourself #46186 |
54 |
+EMULTILIB_PKG="true" |
55 |
+ |
56 |
+# Configuration variables |
57 |
+RELEASE_VER="" |
58 |
+case ${PV} in |
59 |
+9999*) |
60 |
+ EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" |
61 |
+ EGIT_SOURCEDIRS="${S}" |
62 |
+ inherit git-2 |
63 |
+ ;; |
64 |
+*) |
65 |
+ RELEASE_VER=${PV} |
66 |
+ ;; |
67 |
+esac |
68 |
+GCC_BOOTSTRAP_VER="4.7.3-r1" |
69 |
+# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ |
70 |
+PATCH_VER="12" # Gentoo patchset |
71 |
+: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires |
72 |
+ |
73 |
+GLIBC_PATCH_EXCLUDE+=" 0005_all_sys-types.h-drop-sys-sysmacros.h-include.patch" |
74 |
+ |
75 |
+IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" |
76 |
+ |
77 |
+# Here's how the cross-compile logic breaks down ... |
78 |
+# CTARGET - machine that will target the binaries |
79 |
+# CHOST - machine that will host the binaries |
80 |
+# CBUILD - machine that will build the binaries |
81 |
+# If CTARGET != CHOST, it means you want a libc for cross-compiling. |
82 |
+# If CHOST != CBUILD, it means you want to cross-compile the libc. |
83 |
+# CBUILD = CHOST = CTARGET - native build/install |
84 |
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build |
85 |
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler |
86 |
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler |
87 |
+# For install paths: |
88 |
+# CHOST = CTARGET - install into / |
89 |
+# CHOST != CTARGET - install into /usr/CTARGET/ |
90 |
+ |
91 |
+export CBUILD=${CBUILD:-${CHOST}} |
92 |
+export CTARGET=${CTARGET:-${CHOST}} |
93 |
+if [[ ${CTARGET} == ${CHOST} ]] ; then |
94 |
+ if [[ ${CATEGORY} == cross-* ]] ; then |
95 |
+ export CTARGET=${CATEGORY#cross-} |
96 |
+ fi |
97 |
+fi |
98 |
+ |
99 |
+is_crosscompile() { |
100 |
+ [[ ${CHOST} != ${CTARGET} ]] |
101 |
+} |
102 |
+ |
103 |
+# Why SLOT 2.2 you ask yourself while sippin your tea ? |
104 |
+# Everyone knows 2.2 > 0, duh. |
105 |
+SLOT="2.2" |
106 |
+ |
107 |
+# General: We need a new-enough binutils/gcc to match upstream baseline. |
108 |
+# arch: we need to make sure our binutils/gcc supports TLS. |
109 |
+COMMON_DEPEND=" |
110 |
+ nscd? ( selinux? ( |
111 |
+ audit? ( sys-process/audit ) |
112 |
+ caps? ( sys-libs/libcap ) |
113 |
+ ) ) |
114 |
+ suid? ( caps? ( sys-libs/libcap ) ) |
115 |
+ selinux? ( sys-libs/libselinux ) |
116 |
+ systemtap? ( dev-util/systemtap ) |
117 |
+" |
118 |
+DEPEND="${COMMON_DEPEND} |
119 |
+ >=app-misc/pax-utils-0.1.10 |
120 |
+ !<sys-apps/sandbox-1.6 |
121 |
+ !<sys-apps/portage-2.1.2" |
122 |
+RDEPEND="${COMMON_DEPEND} |
123 |
+ !sys-kernel/ps3-sources |
124 |
+ sys-apps/gentoo-functions |
125 |
+ !sys-libs/nss-db" |
126 |
+ |
127 |
+if [[ ${CATEGORY} == cross-* ]] ; then |
128 |
+ DEPEND+=" !crosscompile_opts_headers-only? ( |
129 |
+ >=${CATEGORY}/binutils-2.24 |
130 |
+ >=${CATEGORY}/gcc-4.7 |
131 |
+ )" |
132 |
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" |
133 |
+else |
134 |
+ DEPEND+=" |
135 |
+ >=sys-devel/binutils-2.24 |
136 |
+ >=sys-devel/gcc-4.7 |
137 |
+ virtual/os-headers" |
138 |
+ RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" |
139 |
+ PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" |
140 |
+fi |
141 |
+ |
142 |
+upstream_uris() { |
143 |
+ echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 |
144 |
+} |
145 |
+gentoo_uris() { |
146 |
+ local devspace="HTTP~vapier/dist/URI HTTP~dilfridge/distfiles/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" |
147 |
+ devspace=${devspace//HTTP/https://dev.gentoo.org/} |
148 |
+ echo mirror://gentoo/$1 ${devspace//URI/$1} |
149 |
+} |
150 |
+SRC_URI=$( |
151 |
+ [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz |
152 |
+ [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 |
153 |
+) |
154 |
+SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" |
155 |
+ |
156 |
+src_unpack() { |
157 |
+ [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 |
158 |
+ |
159 |
+ toolchain-glibc_src_unpack |
160 |
+} |
161 |
+ |
162 |
+src_prepare() { |
163 |
+ toolchain-glibc_src_prepare |
164 |
+ |
165 |
+ cd "${S}" |
166 |
+ |
167 |
+ epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 |
168 |
+ |
169 |
+ if use hardened ; then |
170 |
+ # We don't enable these for non-hardened as the output is very terse -- |
171 |
+ # it only states that a crash happened. The default upstream behavior |
172 |
+ # includes backtraces and symbols. |
173 |
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" |
174 |
+ cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die |
175 |
+ cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die |
176 |
+ |
177 |
+ if use debug ; then |
178 |
+ # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. |
179 |
+ sed -i \ |
180 |
+ -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ |
181 |
+ -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ |
182 |
+ debug/Makefile || die |
183 |
+ fi |
184 |
+ fi |
185 |
+ |
186 |
+ case $(gcc-fullversion) in |
187 |
+ 4.8.[0-3]|4.9.0) |
188 |
+ eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" |
189 |
+ eerror "glibc. See https://bugs.gentoo.org/547420 for details." |
190 |
+ die "need to switch compilers #547420" |
191 |
+ ;; |
192 |
+ esac |
193 |
+} |