Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Andreas K. Hüttel" <dilfridge@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/files/2.20/, sys-libs/glibc/files/2.18/, ...
Date: Thu, 11 Apr 2019 20:53:29
Message-Id: 1555016000.1115b22539a40f78cf79a1aa70496fd84d909c00.dilfridge@gentoo
1 commit: 1115b22539a40f78cf79a1aa70496fd84d909c00
2 Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3 AuthorDate: Thu Apr 11 20:53:02 2019 +0000
4 Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
5 CommitDate: Thu Apr 11 20:53:20 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1115b225
7
8 sys-libs/glibc: Remove old
9
10 Package-Manager: Portage-2.3.62, Repoman-2.3.12
11 Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
12
13 sys-libs/glibc/Manifest | 2 -
14 .../glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c | 315 --------------------
15 .../glibc-2.10-hardened-configure-picdefault.patch | 30 --
16 .../glibc-2.10-hardened-inittls-nosysenter.patch | 274 ------------------
17 .../glibc/files/2.17/glibc-2.17-hardened-pie.patch | 42 ---
18 .../glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c | 314 --------------------
19 .../files/2.18/glibc-2.18-gentoo-stack_chk_fail.c | 322 ---------------------
20 .../glibc-2.18-hardened-inittls-nosysenter.patch | 277 ------------------
21 .../glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c | 299 -------------------
22 .../files/2.20/glibc-2.20-gentoo-stack_chk_fail.c | 2 -
23 .../glibc-2.20-hardened-inittls-nosysenter.patch | 306 --------------------
24 sys-libs/glibc/glibc-2.21-r2.ebuild | 149 ----------
25 12 files changed, 2332 deletions(-)
26
27 diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
28 index 94189ff713a..49cc077e29f 100644
29 --- a/sys-libs/glibc/Manifest
30 +++ b/sys-libs/glibc/Manifest
31 @@ -2,8 +2,6 @@ DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 BLAKE2B 3cc5c82cd57d0fbd26d
32 DIST gcc-multilib-bootstrap-20180511.tar.xz 2392908 BLAKE2B f3cf614399368acd8908f60d894c6344a2fa09383b30c1633a0682bc668367c8a2f8c6fec2d41b6e2178d709a2bd8db57e8b2ab56ba263c7d56f819c15acd061 SHA512 98c766e913693ab42ff790557acde2a36a8001e2648046a685b21964200df8d4d52d8452d499c0068c6648284d086ce062c2d36e2c6c2fd8aacd232d193f2853
33 DIST glibc-2.19-patches-9.tar.bz2 24584 BLAKE2B a96e930a5bd20fa75d9f259cc2117fa5ce98072274a24a5823bf877e3739fa4c001a94d7865e065ee0527f3974430d27da8038e042340a451ad2052c62724f26 SHA512 a95b3063ade974a3556480b798b317d33c7423a8cb9e69f67249ffb8b3d3c671d70d2d5f782c1efadc0bec4cc49a96d4fe89911f3dfcd85b459f69f3b4f38f0e
34 DIST glibc-2.19.tar.xz 12083312 BLAKE2B 9dc03346e0f0df4bf009a92d894b0a9f964ff92b7f4c9663cedf1cb6cf90435f28a15539d33791ecf43ee578fa4e26f916af0367651312ef8f9c1c38ce0dafa2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d
35 -DIST glibc-2.21-patches-7.tar.bz2 46894 BLAKE2B 5a15a3a5ca515351d5d41baaa59ae6b6d1c353f1500c3b8dcd6da895119c89afee9ef6afaa1e7d617f2cf7b7504635e5733429f65847acaa63c0a7bf8233ee9c SHA512 e4cca3d753c0b9d213c0ed85e3d08cbbf6517862b3a48af987e010abaf5a022b47330040ced183d30b5b934de7587e97b4342e51a6df3d5cfa768bdd8b43b756
36 -DIST glibc-2.21.tar.xz 12322092 BLAKE2B 1ce2be09787138262b59b56235e20777459e99861c65694b96f63d7faf24da8655882dd23b39c28a8a2d338c50710f76e1e4dc39a3f4ce9736ef2cbf7f99ed5b SHA512 8cded6693618bec115f678fcbd0b77556f97dfa8337608f66e37224aefa55b38765ba61cb4d58beea37b5934e5ec8e30bad58613707388484906f2a0ce77997d
37 DIST glibc-2.22-patches-13.tar.bz2 74479 BLAKE2B 1ab31614e8334508a63c842f503a395ff3ebeaa33d1890eab1d9e2985cb39064960053f2bbf99ec3bdec0ba5a80d259ca6b964fcaed9d99dcb6da84ddb8dd364 SHA512 73517fc1502b0733d67ade1d1ba6168415f5da64f37045fac0b10ef57155bf6dfbe1876e4742d2543fcea0c935c179426f6fbb94f0205968392ef903d2f83897
38 DIST glibc-2.22.tar.xz 12969072 BLAKE2B 36a2e08cf4c5c9396c414fcf5cf5f32d0a78a61e06a1309fbc5f560bed7a7f25a084f5f5c1097014d0911239c710ac9c06f6b6d603238b9c928dd286ebd05bbf SHA512 a8719f3a4f8aa5fa81711116fdafbea5082c6dfd85bd8c4cdce60571910263ab422b35bb8b55a84d37ccb146442133ba60a84d453ca4a439c8ccd35419bd051b
39 DIST glibc-2.23-patches-8.tar.bz2 304199 BLAKE2B 693e40090dbe43f0e9c1faa0bce75e43d5d3924b40c141f9d00ef147fd285b03e2c3bab6a32d1bf6978ca139c3f071f685d5caf1bffb1cce7e1d1f3c346e5c50 SHA512 470814bbbd9d4ee5fa2dd7570a2e14b0229723e373e801472856fd6c2f089499eddc300f69b49af8ba0edbdca583ee3ca521fdb5c642509717cafea0ad925fd2
40
41 diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
42 deleted file mode 100644
43 index 37711e8aacb..00000000000
44 --- a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
45 +++ /dev/null
46 @@ -1,315 +0,0 @@
47 -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
48 - This file is part of the GNU C Library.
49 -
50 - The GNU C Library is free software; you can redistribute it and/or
51 - modify it under the terms of the GNU Lesser General Public
52 - License as published by the Free Software Foundation; either
53 - version 2.1 of the License, or (at your option) any later version.
54 -
55 - The GNU C Library is distributed in the hope that it will be useful,
56 - but WITHOUT ANY WARRANTY; without even the implied warranty of
57 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
58 - Lesser General Public License for more details.
59 -
60 - You should have received a copy of the GNU Lesser General Public
61 - License along with the GNU C Library; if not, write to the Free
62 - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
63 - 02111-1307 USA. */
64 -
65 -/* Copyright (C) 2006-2008 Gentoo Foundation Inc.
66 - * License terms as above.
67 - *
68 - * Hardened Gentoo SSP and FORTIFY handler
69 - *
70 - * An SSP failure handler that does not use functions from the rest of
71 - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
72 - * no possibility of recursion into the handler.
73 - *
74 - * Direct all bug reports to http://bugs.gentoo.org/
75 - *
76 - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
77 - * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
78 - *
79 - * The following people contributed to the glibc-2.3 Hardened
80 - * Gentoo SSP and FORTIFY handler, from which this implementation draws much:
81 - *
82 - * Ned Ludd - <solar[@]gentoo.org>
83 - * Alexander Gabert - <pappy[@]gentoo.org>
84 - * The PaX Team - <pageexec[@]freemail.hu>
85 - * Peter S. Mazinger - <ps.m[@]gmx.net>
86 - * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
87 - * Robert Connolly - <robert[@]linuxfromscratch.org>
88 - * Cory Visi <cory[@]visi.name>
89 - * Mike Frysinger <vapier[@]gentoo.org>
90 - * Magnus Granberg <zorry[@]ume.nu>
91 - */
92 -
93 -#include <stdio.h>
94 -#include <stdlib.h>
95 -#include <errno.h>
96 -#include <unistd.h>
97 -#include <signal.h>
98 -
99 -#include <sys/types.h>
100 -
101 -#include <sysdep-cancel.h>
102 -#include <sys/syscall.h>
103 -#include <bp-checks.h>
104 -
105 -#include <kernel-features.h>
106 -
107 -#include <alloca.h>
108 -/* from sysdeps */
109 -#include <socketcall.h>
110 -/* for the stuff in bits/socket.h */
111 -#include <sys/socket.h>
112 -#include <sys/un.h>
113 -
114 -/* Sanity check on SYSCALL macro names - force compilation
115 - * failure if the names used here do not exist
116 - */
117 -#if !defined __NR_socketcall && !defined __NR_socket
118 -# error Cannot do syscall socket or socketcall
119 -#endif
120 -#if !defined __NR_socketcall && !defined __NR_connect
121 -# error Cannot do syscall connect or socketcall
122 -#endif
123 -#ifndef __NR_write
124 -# error Cannot do syscall write
125 -#endif
126 -#ifndef __NR_close
127 -# error Cannot do syscall close
128 -#endif
129 -#ifndef __NR_getpid
130 -# error Cannot do syscall getpid
131 -#endif
132 -#ifndef __NR_kill
133 -# error Cannot do syscall kill
134 -#endif
135 -#ifndef __NR_exit
136 -# error Cannot do syscall exit
137 -#endif
138 -#ifdef SSP_SMASH_DUMPS_CORE
139 -# define ENABLE_SSP_SMASH_DUMPS_CORE 1
140 -# if !defined _KERNEL_NSIG && !defined _NSIG
141 -# error No _NSIG or _KERNEL_NSIG for rt_sigaction
142 -# endif
143 -# if !defined __NR_sigaction && !defined __NR_rt_sigaction
144 -# error Cannot do syscall sigaction or rt_sigaction
145 -# endif
146 -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
147 - * of the _kernel_ sigset_t which is not the same as the user sigset_t.
148 - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
149 - * some reason.
150 - */
151 -# ifdef _KERNEL_NSIG
152 -# define _SSP_NSIG _KERNEL_NSIG
153 -# else
154 -# define _SSP_NSIG _NSIG
155 -# endif
156 -#else
157 -# define _SSP_NSIG 0
158 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0
159 -#endif
160 -
161 -/* Define DO_SIGACTION - default to newer rt signal interface but
162 - * fallback to old as needed.
163 - */
164 -#ifdef __NR_rt_sigaction
165 -# define DO_SIGACTION(signum, act, oldact) \
166 - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
167 -#else
168 -# define DO_SIGACTION(signum, act, oldact) \
169 - INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
170 -#endif
171 -
172 -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
173 -#if defined(__NR_socket) && defined(__NR_connect)
174 -# define USE_OLD_SOCKETCALL 0
175 -#else
176 -# define USE_OLD_SOCKETCALL 1
177 -#endif
178 -
179 -/* stub out the __NR_'s so we can let gcc optimize away dead code */
180 -#ifndef __NR_socketcall
181 -# define __NR_socketcall 0
182 -#endif
183 -#ifndef __NR_socket
184 -# define __NR_socket 0
185 -#endif
186 -#ifndef __NR_connect
187 -# define __NR_connect 0
188 -#endif
189 -#define DO_SOCKET(result, domain, type, protocol) \
190 - do { \
191 - if (USE_OLD_SOCKETCALL) { \
192 - socketargs[0] = domain; \
193 - socketargs[1] = type; \
194 - socketargs[2] = protocol; \
195 - socketargs[3] = 0; \
196 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
197 - } else \
198 - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
199 - } while (0)
200 -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
201 - do { \
202 - if (USE_OLD_SOCKETCALL) { \
203 - socketargs[0] = sockfd; \
204 - socketargs[1] = (unsigned long int)serv_addr; \
205 - socketargs[2] = addrlen; \
206 - socketargs[3] = 0; \
207 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
208 - } else \
209 - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
210 - } while (0)
211 -
212 -#ifndef _PATH_LOG
213 -# define _PATH_LOG "/dev/log"
214 -#endif
215 -
216 -static const char path_log[] = _PATH_LOG;
217 -
218 -/* For building glibc with SSP switched on, define __progname to a
219 - * constant if building for the run-time loader, to avoid pulling
220 - * in more of libc.so into ld.so
221 - */
222 -#ifdef IS_IN_rtld
223 -static char *__progname = "<rtld>";
224 -#else
225 -extern char *__progname;
226 -#endif
227 -
228 -/* Common handler code, used by chk_fail
229 - * Inlined to ensure no self-references to the handler within itself.
230 - * Data static to avoid putting more than necessary on the stack,
231 - * to aid core debugging.
232 - */
233 -__attribute__ ((__noreturn__ , __always_inline__))
234 -static inline void
235 -__hardened_gentoo_chk_fail(char func[], int damaged)
236 -{
237 -#define MESSAGE_BUFSIZ 256
238 - static pid_t pid;
239 - static int plen, i;
240 - static char message[MESSAGE_BUFSIZ];
241 - static const char msg_ssa[] = ": buffer overflow attack";
242 - static const char msg_inf[] = " in function ";
243 - static const char msg_ssd[] = "*** buffer overflow detected ***: ";
244 - static const char msg_terminated[] = " - terminated\n";
245 - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
246 - static const char msg_unknown[] = "<unknown>";
247 - static int log_socket, connect_result;
248 - static struct sockaddr_un sock;
249 - static unsigned long int socketargs[4];
250 -
251 - /* Build socket address
252 - */
253 - sock.sun_family = AF_UNIX;
254 - i = 0;
255 - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
256 - sock.sun_path[i] = path_log[i];
257 - i++;
258 - }
259 - sock.sun_path[i] = '\0';
260 -
261 - /* Try SOCK_DGRAM connection to syslog */
262 - connect_result = -1;
263 - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
264 - if (log_socket != -1)
265 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
266 - if (connect_result == -1) {
267 - if (log_socket != -1)
268 - INLINE_SYSCALL(close, 1, log_socket);
269 - /* Try SOCK_STREAM connection to syslog */
270 - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
271 - if (log_socket != -1)
272 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
273 - }
274 -
275 - /* Build message. Messages are generated both in the old style and new style,
276 - * so that log watchers that are configured for the old-style message continue
277 - * to work.
278 - */
279 -#define strconcat(str) \
280 - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
281 - {\
282 - message[plen+i]=str[i];\
283 - i++;\
284 - }\
285 - plen+=i;}
286 -
287 - /* R.Henderson post-gcc-4 style message */
288 - plen = 0;
289 - strconcat(msg_ssd);
290 - if (__progname != (char *)0)
291 - strconcat(__progname)
292 - else
293 - strconcat(msg_unknown);
294 - strconcat(msg_terminated);
295 -
296 - /* Write out error message to STDERR, to syslog if open */
297 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
298 - if (connect_result != -1)
299 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
300 -
301 - /* Dr. Etoh pre-gcc-4 style message */
302 - plen = 0;
303 - if (__progname != (char *)0)
304 - strconcat(__progname)
305 - else
306 - strconcat(msg_unknown);
307 - strconcat(msg_ssa);
308 - strconcat(msg_inf);
309 - if (func != NULL)
310 - strconcat(func)
311 - else
312 - strconcat(msg_unknown);
313 - strconcat(msg_terminated);
314 - /* Write out error message to STDERR, to syslog if open */
315 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
316 - if (connect_result != -1)
317 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
318 -
319 - /* Direct reports to bugs.gentoo.org */
320 - plen=0;
321 - strconcat(msg_report);
322 - message[plen++]='\0';
323 -
324 - /* Write out error message to STDERR, to syslog if open */
325 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
326 - if (connect_result != -1)
327 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
328 -
329 - if (log_socket != -1)
330 - INLINE_SYSCALL(close, 1, log_socket);
331 -
332 - /* Suicide */
333 - pid = INLINE_SYSCALL(getpid, 0);
334 -
335 - if (ENABLE_SSP_SMASH_DUMPS_CORE) {
336 - static struct sigaction default_abort_act;
337 - /* Remove any user-supplied handler for SIGABRT, before using it */
338 - default_abort_act.sa_handler = SIG_DFL;
339 - default_abort_act.sa_sigaction = NULL;
340 - __sigfillset(&default_abort_act.sa_mask);
341 - default_abort_act.sa_flags = 0;
342 - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
343 - INLINE_SYSCALL(kill, 2, pid, SIGABRT);
344 - }
345 -
346 - /* Note; actions cannot be added to SIGKILL */
347 - INLINE_SYSCALL(kill, 2, pid, SIGKILL);
348 -
349 - /* In case the kill didn't work, exit anyway
350 - * The loop prevents gcc thinking this routine returns
351 - */
352 - while (1)
353 - INLINE_SYSCALL(exit, 0);
354 -}
355 -
356 -__attribute__ ((__noreturn__))
357 -void __chk_fail(void)
358 -{
359 - __hardened_gentoo_chk_fail(NULL, 0);
360 -}
361 -
362
363 diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch
364 deleted file mode 100644
365 index e75ccc788c8..00000000000
366 --- a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch
367 +++ /dev/null
368 @@ -1,30 +0,0 @@
369 -Prevent default-fPIE from confusing configure into thinking
370 -PIC code is default. This causes glibc to build both PIC and
371 -non-PIC code as normal, which on the hardened compiler generates
372 -PIC and PIE.
373 -
374 -Patch by Kevin F. Quinn <kevquinn@g.o>
375 -Fixed for glibc 2.10 by Magnus Granberg <zorry@×××.nu>
376 -
377 ---- configure.in
378 -+++ configure.in
379 -@@ -2145,7 +2145,7 @@
380 - # error PIC is default.
381 - #endif
382 - EOF
383 --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
384 -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
385 - libc_cv_pic_default=no
386 - fi
387 - rm -f conftest.*])
388 ---- configure
389 -+++ configure
390 -@@ -7698,7 +7698,7 @@
391 - # error PIC is default.
392 - #endif
393 - EOF
394 --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
395 -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
396 - libc_cv_pic_default=no
397 - fi
398 - rm -f conftest.*
399
400 diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
401 deleted file mode 100644
402 index cb6d8e3c78b..00000000000
403 --- a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
404 +++ /dev/null
405 @@ -1,274 +0,0 @@
406 -When building glibc PIE (which is not something upstream support),
407 -several modifications are necessary to the glibc build process.
408 -
409 -First, any syscalls in PIEs must be of the PIC variant, otherwise
410 -textrels ensue. Then, any syscalls made before the initialisation
411 -of the TLS will fail on i386, as the sysenter variant on i386 uses
412 -the TLS, giving rise to a chicken-and-egg situation. This patch
413 -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
414 -version is normally used, and uses the non-sysenter version for the brk
415 -syscall that is performed by the TLS initialisation. Further, the TLS
416 -initialisation is moved in this case prior to the initialisation of
417 -dl_osversion, as that requires further syscalls.
418 -
419 -csu/libc-start.c: Move initial TLS initialization to before the
420 -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
421 -
422 -csu/libc-tls.c: Use the no-sysenter version of sbrk when
423 -INTERNAL_SYSCALL_NOSYSENTER is defined.
424 -
425 -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
426 -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
427 -
428 -misc/brk.c: Define a no-sysenter version of brk if
429 -INTERNAL_SYSCALL_NOSYSENTER is defined.
430 -
431 -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
432 -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
433 -
434 -Patch by Kevin F. Quinn <kevquinn@g.o>
435 -Fixed for 2.10 by Magnus Granberg <zorry@×××.nu>
436 -
437 ---- csu/libc-start.c
438 -+++ csu/libc-start.c
439 -@@ -28,6 +28,7 @@
440 - extern int __libc_multiple_libcs;
441 -
442 - #include <tls.h>
443 -+#include <sysdep.h>
444 - #ifndef SHARED
445 - # include <dl-osinfo.h>
446 - extern void __pthread_initialize_minimal (void);
447 -@@ -129,6 +130,11 @@
448 - # endif
449 - _dl_aux_init (auxvec);
450 - # endif
451 -+# ifdef INTERNAL_SYSCALL_NOSYSENTER
452 -+ /* Do the initial TLS initialization before _dl_osversion,
453 -+ since the latter uses the uname syscall. */
454 -+ __pthread_initialize_minimal ();
455 -+# endif
456 - # ifdef DL_SYSDEP_OSCHECK
457 - if (!__libc_multiple_libcs)
458 - {
459 -@@ -138,10 +144,12 @@
460 - }
461 - # endif
462 -
463 -+# ifndef INTERNAL_SYSCALL_NOSYSENTER
464 - /* Initialize the thread library at least a bit since the libgcc
465 - functions are using thread functions if these are available and
466 - we need to setup errno. */
467 - __pthread_initialize_minimal ();
468 -+# endif
469 -
470 - /* Set up the stack checker's canary. */
471 - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
472 ---- csu/libc-tls.c
473 -+++ csu/libc-tls.c
474 -@@ -23,6 +23,7 @@
475 - #include <unistd.h>
476 - #include <stdio.h>
477 - #include <sys/param.h>
478 -+#include <sysdep.h>
479 -
480 -
481 - #ifdef SHARED
482 -@@ -29,6 +30,9 @@
483 - #error makefile bug, this file is for static only
484 - #endif
485 -
486 -+#ifdef INTERNAL_SYSCALL_NOSYSENTER
487 -+extern void *__sbrk_nosysenter (intptr_t __delta);
488 -+#endif
489 - extern ElfW(Phdr) *_dl_phdr;
490 - extern size_t _dl_phnum;
491 -
492 -@@ -141,14 +145,26 @@
493 -
494 - The initialized value of _dl_tls_static_size is provided by dl-open.c
495 - to request some surplus that permits dynamic loading of modules with
496 -- IE-model TLS. */
497 -+ IE-model TLS.
498 -+
499 -+ Where the normal sbrk would use a syscall that needs the TLS (i386)
500 -+ use the special non-sysenter version instead. */
501 - #if TLS_TCB_AT_TP
502 - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
503 -+# ifdef INTERNAL_SYSCALL_NOSYSENTER
504 -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
505 -+# else
506 - tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
507 -+# endif
508 - #elif TLS_DTV_AT_TP
509 - tcb_offset = roundup (tcbsize, align ?: 1);
510 -+# ifdef INTERNAL_SYSCALL_NOSYSENTER
511 -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
512 -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
513 -+# else
514 - tlsblock = __sbrk (tcb_offset + memsz + max_align
515 - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
516 -+# endif
517 - tlsblock += TLS_PRE_TCB_SIZE;
518 - #else
519 - /* In case a model with a different layout for the TCB and DTV
520 ---- misc/sbrk.c
521 -+++ misc/sbrk.c
522 -@@ -18,6 +18,7 @@
523 - #include <errno.h>
524 - #include <stdint.h>
525 - #include <unistd.h>
526 -+#include <sysdep.h>
527 -
528 - /* Defined in brk.c. */
529 - extern void *__curbrk;
530 -@@ -29,6 +30,35 @@
531 - /* Extend the process's data space by INCREMENT.
532 - If INCREMENT is negative, shrink data space by - INCREMENT.
533 - Return start of new space allocated, or -1 for errors. */
534 -+#ifdef INTERNAL_SYSCALL_NOSYSENTER
535 -+/* This version is used by csu/libc-tls.c whem initialising the TLS
536 -+ if the SYSENTER version requires the TLS (which it does on i386).
537 -+ Obviously using the TLS before it is initialised is broken. */
538 -+extern int __brk_nosysenter (void *addr);
539 -+void *
540 -+__sbrk_nosysenter (intptr_t increment)
541 -+{
542 -+ void *oldbrk;
543 -+
544 -+ /* If this is not part of the dynamic library or the library is used
545 -+ via dynamic loading in a statically linked program update
546 -+ __curbrk from the kernel's brk value. That way two separate
547 -+ instances of __brk and __sbrk can share the heap, returning
548 -+ interleaved pieces of it. */
549 -+ if (__curbrk == NULL || __libc_multiple_libcs)
550 -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
551 -+ return (void *) -1;
552 -+
553 -+ if (increment == 0)
554 -+ return __curbrk;
555 -+
556 -+ oldbrk = __curbrk;
557 -+ if (__brk_nosysenter (oldbrk + increment) < 0)
558 -+ return (void *) -1;
559 -+
560 -+ return oldbrk;
561 -+}
562 -+#endif
563 - void *
564 - __sbrk (intptr_t increment)
565 - {
566 ---- sysdeps/unix/sysv/linux/i386/brk.c
567 -+++ sysdeps/unix/sysv/linux/i386/brk.c
568 -@@ -31,6 +31,30 @@
569 - linker. */
570 - weak_alias (__curbrk, ___brk_addr)
571 -
572 -+#ifdef INTERNAL_SYSCALL_NOSYSENTER
573 -+/* This version is used by csu/libc-tls.c whem initialising the TLS
574 -+ * if the SYSENTER version requires the TLS (which it does on i386).
575 -+ * Obviously using the TLS before it is initialised is broken. */
576 -+int
577 -+__brk_nosysenter (void *addr)
578 -+{
579 -+ void *__unbounded newbrk;
580 -+
581 -+ INTERNAL_SYSCALL_DECL (err);
582 -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
583 -+ __ptrvalue (addr));
584 -+
585 -+ __curbrk = newbrk;
586 -+
587 -+ if (newbrk < addr)
588 -+ {
589 -+ __set_errno (ENOMEM);
590 -+ return -1;
591 -+ }
592 -+
593 -+ return 0;
594 -+}
595 -+#endif
596 - int
597 - __brk (void *addr)
598 - {
599 ---- sysdeps/unix/sysv/linux/i386/sysdep.h
600 -+++ sysdeps/unix/sysv/linux/i386/sysdep.h
601 -@@ -187,7 +187,7 @@
602 - /* The original calling convention for system calls on Linux/i386 is
603 - to use int $0x80. */
604 - #ifdef I386_USE_SYSENTER
605 --# ifdef SHARED
606 -+# if defined SHARED || defined __PIC__
607 - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
608 - # else
609 - # define ENTER_KERNEL call *_dl_sysinfo
610 -@@ -358,7 +358,7 @@
611 - possible to use more than four parameters. */
612 - #undef INTERNAL_SYSCALL
613 - #ifdef I386_USE_SYSENTER
614 --# ifdef SHARED
615 -+# if defined SHARED || defined __PIC__
616 - # define INTERNAL_SYSCALL(name, err, nr, args...) \
617 - ({ \
618 - register unsigned int resultvar; \
619 -@@ -384,6 +384,18 @@
620 - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
621 - ASMFMT_##nr(args) : "memory", "cc"); \
622 - (int) resultvar; })
623 -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
624 -+ ({ \
625 -+ register unsigned int resultvar; \
626 -+ EXTRAVAR_##nr \
627 -+ asm volatile ( \
628 -+ LOADARGS_NOSYSENTER_##nr \
629 -+ "movl %1, %%eax\n\t" \
630 -+ "int $0x80\n\t" \
631 -+ RESTOREARGS_NOSYSENTER_##nr \
632 -+ : "=a" (resultvar) \
633 -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
634 -+ (int) resultvar; })
635 - # else
636 - # define INTERNAL_SYSCALL(name, err, nr, args...) \
637 - ({ \
638 -@@ -447,12 +459,20 @@
639 -
640 - #define LOADARGS_0
641 - #ifdef __PIC__
642 --# if defined I386_USE_SYSENTER && defined SHARED
643 -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
644 - # define LOADARGS_1 \
645 - "bpushl .L__X'%k3, %k3\n\t"
646 - # define LOADARGS_5 \
647 - "movl %%ebx, %4\n\t" \
648 - "movl %3, %%ebx\n\t"
649 -+# define LOADARGS_NOSYSENTER_1 \
650 -+ "bpushl .L__X'%k2, %k2\n\t"
651 -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
652 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
653 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
654 -+# define LOADARGS_NOSYSENTER_5 \
655 -+ "movl %%ebx, %3\n\t" \
656 -+ "movl %2, %%ebx\n\t"
657 - # else
658 - # define LOADARGS_1 \
659 - "bpushl .L__X'%k2, %k2\n\t"
660 -@@ -474,11 +495,18 @@
661 -
662 - #define RESTOREARGS_0
663 - #ifdef __PIC__
664 --# if defined I386_USE_SYSENTER && defined SHARED
665 -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
666 - # define RESTOREARGS_1 \
667 - "bpopl .L__X'%k3, %k3\n\t"
668 - # define RESTOREARGS_5 \
669 - "movl %4, %%ebx"
670 -+# define RESTOREARGS_NOSYSENTER_1 \
671 -+ "bpopl .L__X'%k2, %k2\n\t"
672 -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
673 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
674 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
675 -+# define RESTOREARGS_NOSYSENTER_5 \
676 -+ "movl %3, %%ebx"
677 - # else
678 - # define RESTOREARGS_1 \
679 - "bpopl .L__X'%k2, %k2\n\t"
680
681 diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
682 deleted file mode 100644
683 index da4fb82539c..00000000000
684 --- a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
685 +++ /dev/null
686 @@ -1,42 +0,0 @@
687 -2012-11-11 Magnus Granberg <zorry@g.o>
688 -
689 - #442712
690 - * Makeconfig (+link): Set to +link-pie.
691 - (+link-static-before-libc): Change $(static-start-installed-name) to
692 - S$(static-start-installed-name).
693 - (+prector): Set to +prectorS.
694 - (+postctor): Set to +postctorS.
695 -
696 ---- libc/Makeconfig
697 -+++ libc/Makeconfig
698 -@@ -447,11 +447,12 @@
699 - $(common-objpfx)libc% $(+postinit),$^) \
700 - $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
701 - endif
702 -++link = $(+link-pie)
703 - # Command for statically linking programs with the C library.
704 - ifndef +link-static
705 - +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
706 - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
707 -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
708 -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
709 - $(+preinit) $(+prectorT) \
710 - $(filter-out $(addprefix $(csu-objpfx),start.o \
711 - $(start-installed-name))\
712 -@@ -549,11 +550,10 @@
713 - ifeq ($(elf),yes)
714 - +preinit = $(addprefix $(csu-objpfx),crti.o)
715 - +postinit = $(addprefix $(csu-objpfx),crtn.o)
716 --+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
717 --+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
718 --# Variants of the two previous definitions for linking PIE programs.
719 - +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
720 - +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
721 -++prector = $(+prectorS)
722 -++postctor = $(+postctorS)
723 - # Variants of the two previous definitions for statically linking programs.
724 - +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
725 - +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
726 - +interp = $(addprefix $(elf-objpfx),interp.os)
727 - endif
728 - csu-objpfx = $(common-objpfx)csu/
729
730 diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c
731 deleted file mode 100644
732 index c1934362f62..00000000000
733 --- a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c
734 +++ /dev/null
735 @@ -1,314 +0,0 @@
736 -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
737 - This file is part of the GNU C Library.
738 -
739 - The GNU C Library is free software; you can redistribute it and/or
740 - modify it under the terms of the GNU Lesser General Public
741 - License as published by the Free Software Foundation; either
742 - version 2.1 of the License, or (at your option) any later version.
743 -
744 - The GNU C Library is distributed in the hope that it will be useful,
745 - but WITHOUT ANY WARRANTY; without even the implied warranty of
746 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
747 - Lesser General Public License for more details.
748 -
749 - You should have received a copy of the GNU Lesser General Public
750 - License along with the GNU C Library; if not, write to the Free
751 - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
752 - 02111-1307 USA. */
753 -
754 -/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
755 - * License terms as above.
756 - *
757 - * Hardened Gentoo SSP and FORTIFY handler
758 - *
759 - * An SSP failure handler that does not use functions from the rest of
760 - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
761 - * no possibility of recursion into the handler.
762 - *
763 - * Direct all bug reports to http://bugs.gentoo.org/
764 - *
765 - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
766 - * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
767 - *
768 - * The following people contributed to the glibc-2.3 Hardened
769 - * Gentoo SSP and FORTIFY handler, from which this implementation draws much:
770 - *
771 - * Ned Ludd - <solar[@]gentoo.org>
772 - * Alexander Gabert - <pappy[@]gentoo.org>
773 - * The PaX Team - <pageexec[@]freemail.hu>
774 - * Peter S. Mazinger - <ps.m[@]gmx.net>
775 - * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
776 - * Robert Connolly - <robert[@]linuxfromscratch.org>
777 - * Cory Visi <cory[@]visi.name>
778 - * Mike Frysinger <vapier[@]gentoo.org>
779 - * Magnus Granberg <zorry[@]ume.nu>
780 - */
781 -
782 -#include <stdio.h>
783 -#include <stdlib.h>
784 -#include <errno.h>
785 -#include <unistd.h>
786 -#include <signal.h>
787 -
788 -#include <sys/types.h>
789 -
790 -#include <sysdep-cancel.h>
791 -#include <sys/syscall.h>
792 -
793 -#include <kernel-features.h>
794 -
795 -#include <alloca.h>
796 -/* from sysdeps */
797 -#include <socketcall.h>
798 -/* for the stuff in bits/socket.h */
799 -#include <sys/socket.h>
800 -#include <sys/un.h>
801 -
802 -/* Sanity check on SYSCALL macro names - force compilation
803 - * failure if the names used here do not exist
804 - */
805 -#if !defined __NR_socketcall && !defined __NR_socket
806 -# error Cannot do syscall socket or socketcall
807 -#endif
808 -#if !defined __NR_socketcall && !defined __NR_connect
809 -# error Cannot do syscall connect or socketcall
810 -#endif
811 -#ifndef __NR_write
812 -# error Cannot do syscall write
813 -#endif
814 -#ifndef __NR_close
815 -# error Cannot do syscall close
816 -#endif
817 -#ifndef __NR_getpid
818 -# error Cannot do syscall getpid
819 -#endif
820 -#ifndef __NR_kill
821 -# error Cannot do syscall kill
822 -#endif
823 -#ifndef __NR_exit
824 -# error Cannot do syscall exit
825 -#endif
826 -#ifdef SSP_SMASH_DUMPS_CORE
827 -# define ENABLE_SSP_SMASH_DUMPS_CORE 1
828 -# if !defined _KERNEL_NSIG && !defined _NSIG
829 -# error No _NSIG or _KERNEL_NSIG for rt_sigaction
830 -# endif
831 -# if !defined __NR_sigaction && !defined __NR_rt_sigaction
832 -# error Cannot do syscall sigaction or rt_sigaction
833 -# endif
834 -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
835 - * of the _kernel_ sigset_t which is not the same as the user sigset_t.
836 - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
837 - * some reason.
838 - */
839 -# ifdef _KERNEL_NSIG
840 -# define _SSP_NSIG _KERNEL_NSIG
841 -# else
842 -# define _SSP_NSIG _NSIG
843 -# endif
844 -#else
845 -# define _SSP_NSIG 0
846 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0
847 -#endif
848 -
849 -/* Define DO_SIGACTION - default to newer rt signal interface but
850 - * fallback to old as needed.
851 - */
852 -#ifdef __NR_rt_sigaction
853 -# define DO_SIGACTION(signum, act, oldact) \
854 - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
855 -#else
856 -# define DO_SIGACTION(signum, act, oldact) \
857 - INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
858 -#endif
859 -
860 -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
861 -#if defined(__NR_socket) && defined(__NR_connect)
862 -# define USE_OLD_SOCKETCALL 0
863 -#else
864 -# define USE_OLD_SOCKETCALL 1
865 -#endif
866 -
867 -/* stub out the __NR_'s so we can let gcc optimize away dead code */
868 -#ifndef __NR_socketcall
869 -# define __NR_socketcall 0
870 -#endif
871 -#ifndef __NR_socket
872 -# define __NR_socket 0
873 -#endif
874 -#ifndef __NR_connect
875 -# define __NR_connect 0
876 -#endif
877 -#define DO_SOCKET(result, domain, type, protocol) \
878 - do { \
879 - if (USE_OLD_SOCKETCALL) { \
880 - socketargs[0] = domain; \
881 - socketargs[1] = type; \
882 - socketargs[2] = protocol; \
883 - socketargs[3] = 0; \
884 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
885 - } else \
886 - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
887 - } while (0)
888 -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
889 - do { \
890 - if (USE_OLD_SOCKETCALL) { \
891 - socketargs[0] = sockfd; \
892 - socketargs[1] = (unsigned long int)serv_addr; \
893 - socketargs[2] = addrlen; \
894 - socketargs[3] = 0; \
895 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
896 - } else \
897 - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
898 - } while (0)
899 -
900 -#ifndef _PATH_LOG
901 -# define _PATH_LOG "/dev/log"
902 -#endif
903 -
904 -static const char path_log[] = _PATH_LOG;
905 -
906 -/* For building glibc with SSP switched on, define __progname to a
907 - * constant if building for the run-time loader, to avoid pulling
908 - * in more of libc.so into ld.so
909 - */
910 -#ifdef IS_IN_rtld
911 -static char *__progname = "<rtld>";
912 -#else
913 -extern char *__progname;
914 -#endif
915 -
916 -/* Common handler code, used by chk_fail
917 - * Inlined to ensure no self-references to the handler within itself.
918 - * Data static to avoid putting more than necessary on the stack,
919 - * to aid core debugging.
920 - */
921 -__attribute__ ((__noreturn__ , __always_inline__))
922 -static inline void
923 -__hardened_gentoo_chk_fail(char func[], int damaged)
924 -{
925 -#define MESSAGE_BUFSIZ 256
926 - static pid_t pid;
927 - static int plen, i;
928 - static char message[MESSAGE_BUFSIZ];
929 - static const char msg_ssa[] = ": buffer overflow attack";
930 - static const char msg_inf[] = " in function ";
931 - static const char msg_ssd[] = "*** buffer overflow detected ***: ";
932 - static const char msg_terminated[] = " - terminated\n";
933 - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
934 - static const char msg_unknown[] = "<unknown>";
935 - static int log_socket, connect_result;
936 - static struct sockaddr_un sock;
937 - static unsigned long int socketargs[4];
938 -
939 - /* Build socket address
940 - */
941 - sock.sun_family = AF_UNIX;
942 - i = 0;
943 - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
944 - sock.sun_path[i] = path_log[i];
945 - i++;
946 - }
947 - sock.sun_path[i] = '\0';
948 -
949 - /* Try SOCK_DGRAM connection to syslog */
950 - connect_result = -1;
951 - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
952 - if (log_socket != -1)
953 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
954 - if (connect_result == -1) {
955 - if (log_socket != -1)
956 - INLINE_SYSCALL(close, 1, log_socket);
957 - /* Try SOCK_STREAM connection to syslog */
958 - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
959 - if (log_socket != -1)
960 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
961 - }
962 -
963 - /* Build message. Messages are generated both in the old style and new style,
964 - * so that log watchers that are configured for the old-style message continue
965 - * to work.
966 - */
967 -#define strconcat(str) \
968 - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
969 - {\
970 - message[plen+i]=str[i];\
971 - i++;\
972 - }\
973 - plen+=i;}
974 -
975 - /* R.Henderson post-gcc-4 style message */
976 - plen = 0;
977 - strconcat(msg_ssd);
978 - if (__progname != (char *)0)
979 - strconcat(__progname)
980 - else
981 - strconcat(msg_unknown);
982 - strconcat(msg_terminated);
983 -
984 - /* Write out error message to STDERR, to syslog if open */
985 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
986 - if (connect_result != -1)
987 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
988 -
989 - /* Dr. Etoh pre-gcc-4 style message */
990 - plen = 0;
991 - if (__progname != (char *)0)
992 - strconcat(__progname)
993 - else
994 - strconcat(msg_unknown);
995 - strconcat(msg_ssa);
996 - strconcat(msg_inf);
997 - if (func != NULL)
998 - strconcat(func)
999 - else
1000 - strconcat(msg_unknown);
1001 - strconcat(msg_terminated);
1002 - /* Write out error message to STDERR, to syslog if open */
1003 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
1004 - if (connect_result != -1)
1005 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
1006 -
1007 - /* Direct reports to bugs.gentoo.org */
1008 - plen=0;
1009 - strconcat(msg_report);
1010 - message[plen++]='\0';
1011 -
1012 - /* Write out error message to STDERR, to syslog if open */
1013 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
1014 - if (connect_result != -1)
1015 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
1016 -
1017 - if (log_socket != -1)
1018 - INLINE_SYSCALL(close, 1, log_socket);
1019 -
1020 - /* Suicide */
1021 - pid = INLINE_SYSCALL(getpid, 0);
1022 -
1023 - if (ENABLE_SSP_SMASH_DUMPS_CORE) {
1024 - static struct sigaction default_abort_act;
1025 - /* Remove any user-supplied handler for SIGABRT, before using it */
1026 - default_abort_act.sa_handler = SIG_DFL;
1027 - default_abort_act.sa_sigaction = NULL;
1028 - __sigfillset(&default_abort_act.sa_mask);
1029 - default_abort_act.sa_flags = 0;
1030 - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
1031 - INLINE_SYSCALL(kill, 2, pid, SIGABRT);
1032 - }
1033 -
1034 - /* Note; actions cannot be added to SIGKILL */
1035 - INLINE_SYSCALL(kill, 2, pid, SIGKILL);
1036 -
1037 - /* In case the kill didn't work, exit anyway
1038 - * The loop prevents gcc thinking this routine returns
1039 - */
1040 - while (1)
1041 - INLINE_SYSCALL(exit, 0);
1042 -}
1043 -
1044 -__attribute__ ((__noreturn__))
1045 -void __chk_fail(void)
1046 -{
1047 - __hardened_gentoo_chk_fail(NULL, 0);
1048 -}
1049 -
1050
1051 diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c
1052 deleted file mode 100644
1053 index 9535c215789..00000000000
1054 --- a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c
1055 +++ /dev/null
1056 @@ -1,322 +0,0 @@
1057 -/* Copyright (C) 2005 Free Software Foundation, Inc.
1058 - This file is part of the GNU C Library.
1059 -
1060 - The GNU C Library is free software; you can redistribute it and/or
1061 - modify it under the terms of the GNU Lesser General Public
1062 - License as published by the Free Software Foundation; either
1063 - version 2.1 of the License, or (at your option) any later version.
1064 -
1065 - The GNU C Library is distributed in the hope that it will be useful,
1066 - but WITHOUT ANY WARRANTY; without even the implied warranty of
1067 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1068 - Lesser General Public License for more details.
1069 -
1070 - You should have received a copy of the GNU Lesser General Public
1071 - License along with the GNU C Library; if not, write to the Free
1072 - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
1073 - 02111-1307 USA. */
1074 -
1075 -/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
1076 - * License terms as above.
1077 - *
1078 - * Hardened Gentoo SSP handler
1079 - *
1080 - * An SSP failure handler that does not use functions from the rest of
1081 - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
1082 - * no possibility of recursion into the handler.
1083 - *
1084 - * Direct all bug reports to http://bugs.gentoo.org/
1085 - *
1086 - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
1087 - * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
1088 - *
1089 - * Fixed to support glibc-2.18 by Magnus Granberg - <zorry[@]gentoo.org>
1090 - *
1091 - * The following people contributed to the glibc-2.3 Hardened
1092 - * Gentoo SSP handler, from which this implementation draws much:
1093 - *
1094 - * Ned Ludd - <solar[@]gentoo.org>
1095 - * Alexander Gabert - <pappy[@]gentoo.org>
1096 - * The PaX Team - <pageexec[@]freemail.hu>
1097 - * Peter S. Mazinger - <ps.m[@]gmx.net>
1098 - * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
1099 - * Robert Connolly - <robert[@]linuxfromscratch.org>
1100 - * Cory Visi <cory[@]visi.name>
1101 - * Mike Frysinger <vapier[@]gentoo.org>
1102 - */
1103 -
1104 -#include <errno.h>
1105 -#include <stdlib.h>
1106 -#include <unistd.h>
1107 -#include <signal.h>
1108 -
1109 -#include <sys/types.h>
1110 -
1111 -#include <sysdep-cancel.h>
1112 -#include <sys/syscall.h>
1113 -
1114 -#include <kernel-features.h>
1115 -
1116 -#include <alloca.h>
1117 -/* from sysdeps */
1118 -#include <socketcall.h>
1119 -/* for the stuff in bits/socket.h */
1120 -#include <sys/socket.h>
1121 -#include <sys/un.h>
1122 -
1123 -
1124 -/* Sanity check on SYSCALL macro names - force compilation
1125 - * failure if the names used here do not exist
1126 - */
1127 -#if !defined __NR_socketcall && !defined __NR_socket
1128 -# error Cannot do syscall socket or socketcall
1129 -#endif
1130 -#if !defined __NR_socketcall && !defined __NR_connect
1131 -# error Cannot do syscall connect or socketcall
1132 -#endif
1133 -#ifndef __NR_write
1134 -# error Cannot do syscall write
1135 -#endif
1136 -#ifndef __NR_close
1137 -# error Cannot do syscall close
1138 -#endif
1139 -#ifndef __NR_getpid
1140 -# error Cannot do syscall getpid
1141 -#endif
1142 -#ifndef __NR_kill
1143 -# error Cannot do syscall kill
1144 -#endif
1145 -#ifndef __NR_exit
1146 -# error Cannot do syscall exit
1147 -#endif
1148 -#ifdef SSP_SMASH_DUMPS_CORE
1149 -# define ENABLE_SSP_SMASH_DUMPS_CORE 1
1150 -# if !defined _KERNEL_NSIG && !defined _NSIG
1151 -# error No _NSIG or _KERNEL_NSIG for rt_sigaction
1152 -# endif
1153 -# if !defined __NR_sigaction && !defined __NR_rt_sigaction
1154 -# error Cannot do syscall sigaction or rt_sigaction
1155 -# endif
1156 -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
1157 - * of the _kernel_ sigset_t which is not the same as the user sigset_t.
1158 - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
1159 - * some reason.
1160 - */
1161 -# ifdef _KERNEL_NSIG
1162 -# define _SSP_NSIG _KERNEL_NSIG
1163 -# else
1164 -# define _SSP_NSIG _NSIG
1165 -# endif
1166 -#else
1167 -# define _SSP_NSIG 0
1168 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0
1169 -#endif
1170 -
1171 -/* Define DO_SIGACTION - default to newer rt signal interface but
1172 - * fallback to old as needed.
1173 - */
1174 -#ifdef __NR_rt_sigaction
1175 -# define DO_SIGACTION(signum, act, oldact) \
1176 - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
1177 -#else
1178 -# define DO_SIGACTION(signum, act, oldact) \
1179 - INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
1180 -#endif
1181 -
1182 -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
1183 -#if defined(__NR_socket) && defined(__NR_connect)
1184 -# define USE_OLD_SOCKETCALL 0
1185 -#else
1186 -# define USE_OLD_SOCKETCALL 1
1187 -#endif
1188 -/* stub out the __NR_'s so we can let gcc optimize away dead code */
1189 -#ifndef __NR_socketcall
1190 -# define __NR_socketcall 0
1191 -#endif
1192 -#ifndef __NR_socket
1193 -# define __NR_socket 0
1194 -#endif
1195 -#ifndef __NR_connect
1196 -# define __NR_connect 0
1197 -#endif
1198 -#define DO_SOCKET(result, domain, type, protocol) \
1199 - do { \
1200 - if (USE_OLD_SOCKETCALL) { \
1201 - socketargs[0] = domain; \
1202 - socketargs[1] = type; \
1203 - socketargs[2] = protocol; \
1204 - socketargs[3] = 0; \
1205 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
1206 - } else \
1207 - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
1208 - } while (0)
1209 -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
1210 - do { \
1211 - if (USE_OLD_SOCKETCALL) { \
1212 - socketargs[0] = sockfd; \
1213 - socketargs[1] = (unsigned long int)serv_addr; \
1214 - socketargs[2] = addrlen; \
1215 - socketargs[3] = 0; \
1216 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
1217 - } else \
1218 - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
1219 - } while (0)
1220 -
1221 -#ifndef _PATH_LOG
1222 -# define _PATH_LOG "/dev/log"
1223 -#endif
1224 -
1225 -static const char path_log[] = _PATH_LOG;
1226 -
1227 -/* For building glibc with SSP switched on, define __progname to a
1228 - * constant if building for the run-time loader, to avoid pulling
1229 - * in more of libc.so into ld.so
1230 - */
1231 -#ifdef IS_IN_rtld
1232 -static char *__progname = "<rtld>";
1233 -#else
1234 -extern char *__progname;
1235 -#endif
1236 -
1237 -
1238 -/* Common handler code, used by stack_chk_fail and __stack_smash_handler
1239 - * Inlined to ensure no self-references to the handler within itself.
1240 - * Data static to avoid putting more than necessary on the stack,
1241 - * to aid core debugging.
1242 - */
1243 -__attribute__ ((__noreturn__ , __always_inline__))
1244 -static inline void
1245 -__hardened_gentoo_stack_chk_fail(char func[], int damaged)
1246 -{
1247 -#define MESSAGE_BUFSIZ 256
1248 - static pid_t pid;
1249 - static int plen, i;
1250 - static char message[MESSAGE_BUFSIZ];
1251 - static const char msg_ssa[] = ": stack smashing attack";
1252 - static const char msg_inf[] = " in function ";
1253 - static const char msg_ssd[] = "*** stack smashing detected ***: ";
1254 - static const char msg_terminated[] = " - terminated\n";
1255 - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
1256 - static const char msg_unknown[] = "<unknown>";
1257 - static int log_socket, connect_result;
1258 - static struct sockaddr_un sock;
1259 - static unsigned long int socketargs[4];
1260 -
1261 - /* Build socket address
1262 - */
1263 - sock.sun_family = AF_UNIX;
1264 - i = 0;
1265 - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
1266 - sock.sun_path[i] = path_log[i];
1267 - i++;
1268 - }
1269 - sock.sun_path[i] = '\0';
1270 -
1271 - /* Try SOCK_DGRAM connection to syslog */
1272 - connect_result = -1;
1273 - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
1274 - if (log_socket != -1)
1275 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
1276 - if (connect_result == -1) {
1277 - if (log_socket != -1)
1278 - INLINE_SYSCALL(close, 1, log_socket);
1279 - /* Try SOCK_STREAM connection to syslog */
1280 - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
1281 - if (log_socket != -1)
1282 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
1283 - }
1284 -
1285 - /* Build message. Messages are generated both in the old style and new style,
1286 - * so that log watchers that are configured for the old-style message continue
1287 - * to work.
1288 - */
1289 -#define strconcat(str) \
1290 - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
1291 - {\
1292 - message[plen+i]=str[i];\
1293 - i++;\
1294 - }\
1295 - plen+=i;}
1296 -
1297 - /* R.Henderson post-gcc-4 style message */
1298 - plen = 0;
1299 - strconcat(msg_ssd);
1300 - if (__progname != (char *)0)
1301 - strconcat(__progname)
1302 - else
1303 - strconcat(msg_unknown);
1304 - strconcat(msg_terminated);
1305 -
1306 - /* Write out error message to STDERR, to syslog if open */
1307 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
1308 - if (connect_result != -1)
1309 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
1310 -
1311 - /* Dr. Etoh pre-gcc-4 style message */
1312 - plen = 0;
1313 - if (__progname != (char *)0)
1314 - strconcat(__progname)
1315 - else
1316 - strconcat(msg_unknown);
1317 - strconcat(msg_ssa);
1318 - strconcat(msg_inf);
1319 - if (func != NULL)
1320 - strconcat(func)
1321 - else
1322 - strconcat(msg_unknown);
1323 - strconcat(msg_terminated);
1324 - /* Write out error message to STDERR, to syslog if open */
1325 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
1326 - if (connect_result != -1)
1327 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
1328 -
1329 - /* Direct reports to bugs.gentoo.org */
1330 - plen=0;
1331 - strconcat(msg_report);
1332 - message[plen++]='\0';
1333 -
1334 - /* Write out error message to STDERR, to syslog if open */
1335 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
1336 - if (connect_result != -1)
1337 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
1338 -
1339 - if (log_socket != -1)
1340 - INLINE_SYSCALL(close, 1, log_socket);
1341 -
1342 - /* Suicide */
1343 - pid = INLINE_SYSCALL(getpid, 0);
1344 -
1345 - if (ENABLE_SSP_SMASH_DUMPS_CORE) {
1346 - static struct sigaction default_abort_act;
1347 - /* Remove any user-supplied handler for SIGABRT, before using it */
1348 - default_abort_act.sa_handler = SIG_DFL;
1349 - default_abort_act.sa_sigaction = NULL;
1350 - __sigfillset(&default_abort_act.sa_mask);
1351 - default_abort_act.sa_flags = 0;
1352 - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
1353 - INLINE_SYSCALL(kill, 2, pid, SIGABRT);
1354 - }
1355 -
1356 - /* Note; actions cannot be added to SIGKILL */
1357 - INLINE_SYSCALL(kill, 2, pid, SIGKILL);
1358 -
1359 - /* In case the kill didn't work, exit anyway
1360 - * The loop prevents gcc thinking this routine returns
1361 - */
1362 - while (1)
1363 - INLINE_SYSCALL(exit, 0);
1364 -}
1365 -
1366 -__attribute__ ((__noreturn__))
1367 -void __stack_chk_fail(void)
1368 -{
1369 - __hardened_gentoo_stack_chk_fail(NULL, 0);
1370 -}
1371 -
1372 -#ifdef ENABLE_OLD_SSP_COMPAT
1373 -__attribute__ ((__noreturn__))
1374 -void __stack_smash_handler(char func[], int damaged)
1375 -{
1376 - __hardened_gentoo_stack_chk_fail(func, damaged);
1377 -}
1378 -#endif
1379
1380 diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
1381 deleted file mode 100644
1382 index 8907ab2c6a3..00000000000
1383 --- a/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
1384 +++ /dev/null
1385 @@ -1,277 +0,0 @@
1386 -When building glibc PIE (which is not something upstream support),
1387 -several modifications are necessary to the glibc build process.
1388 -
1389 -First, any syscalls in PIEs must be of the PIC variant, otherwise
1390 -textrels ensue. Then, any syscalls made before the initialisation
1391 -of the TLS will fail on i386, as the sysenter variant on i386 uses
1392 -the TLS, giving rise to a chicken-and-egg situation. This patch
1393 -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
1394 -version is normally used, and uses the non-sysenter version for the brk
1395 -syscall that is performed by the TLS initialisation. Further, the TLS
1396 -initialisation is moved in this case prior to the initialisation of
1397 -dl_osversion, as that requires further syscalls.
1398 -
1399 -csu/libc-start.c: Move initial TLS initialization to before the
1400 -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
1401 -
1402 -csu/libc-tls.c: Use the no-sysenter version of sbrk when
1403 -INTERNAL_SYSCALL_NOSYSENTER is defined.
1404 -
1405 -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
1406 -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
1407 -
1408 -misc/brk.c: Define a no-sysenter version of brk if
1409 -INTERNAL_SYSCALL_NOSYSENTER is defined.
1410 -
1411 -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
1412 -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
1413 -
1414 -Patch by Kevin F. Quinn <kevquinn@g.o>
1415 -Fixed for 2.10 by Magnus Granberg <zorry@×××.nu>
1416 -Fixed for 2.18 by Magnus Granberg <zorry@g.o>
1417 -
1418 ---- csu/libc-start.c
1419 -+++ csu/libc-start.c
1420 -@@ -28,6 +28,7 @@
1421 - extern int __libc_multiple_libcs;
1422 -
1423 - #include <tls.h>
1424 -+#include <sysdep.h>
1425 - #ifndef SHARED
1426 - # include <dl-osinfo.h>
1427 - extern void __pthread_initialize_minimal (void);
1428 -@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char
1429 - GL(dl_phnum) = __ehdr_start.e_phnum;
1430 - }
1431 - }
1432 --
1433 -+# ifdef INTERNAL_SYSCALL_NOSYSENTER
1434 -+ /* Do the initial TLS initialization before _dl_osversion,
1435 -+ since the latter uses the uname syscall. */
1436 -+ __pthread_initialize_minimal ();
1437 -+# endif
1438 - # ifdef DL_SYSDEP_OSCHECK
1439 - if (!__libc_multiple_libcs)
1440 - {
1441 -@@ -138,10 +144,12 @@
1442 - }
1443 - # endif
1444 -
1445 -+# ifndef INTERNAL_SYSCALL_NOSYSENTER
1446 - /* Initialize the thread library at least a bit since the libgcc
1447 - functions are using thread functions if these are available and
1448 - we need to setup errno. */
1449 - __pthread_initialize_minimal ();
1450 -+# endif
1451 -
1452 - /* Set up the stack checker's canary. */
1453 - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
1454 ---- csu/libc-tls.c
1455 -+++ csu/libc-tls.c
1456 -@@ -22,14 +22,17 @@
1457 - #include <unistd.h>
1458 - #include <stdio.h>
1459 - #include <sys/param.h>
1460 --
1461 -+#include <sysdep.h>
1462 -
1463 - #ifdef SHARED
1464 - #error makefile bug, this file is for static only
1465 - #endif
1466 -
1467 --dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
1468 -+#ifdef INTERNAL_SYSCALL_NOSYSENTER
1469 -+extern void *__sbrk_nosysenter (intptr_t __delta);
1470 -+#endif
1471 -
1472 -+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
1473 -
1474 - static struct
1475 - {
1476 -@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t
1477 -
1478 - The initialized value of _dl_tls_static_size is provided by dl-open.c
1479 - to request some surplus that permits dynamic loading of modules with
1480 -- IE-model TLS. */
1481 -+ IE-model TLS.
1482 -+
1483 -+ Where the normal sbrk would use a syscall that needs the TLS (i386)
1484 -+ use the special non-sysenter version instead. */
1485 - #if TLS_TCB_AT_TP
1486 - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
1487 -+# ifdef INTERNAL_SYSCALL_NOSYSENTER
1488 -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
1489 -+# else
1490 - tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
1491 -+#endif
1492 - #elif TLS_DTV_AT_TP
1493 - tcb_offset = roundup (tcbsize, align ?: 1);
1494 -+# ifdef INTERNAL_SYSCALL_NOSYSENTER
1495 -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
1496 -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
1497 -+# else
1498 - tlsblock = __sbrk (tcb_offset + memsz + max_align
1499 - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
1500 -+#endif
1501 - tlsblock += TLS_PRE_TCB_SIZE;
1502 - #else
1503 - /* In case a model with a different layout for the TCB and DTV
1504 ---- misc/sbrk.c
1505 -+++ misc/sbrk.c
1506 -@@ -18,6 +18,7 @@
1507 - #include <errno.h>
1508 - #include <stdint.h>
1509 - #include <unistd.h>
1510 -+#include <sysdep.h>
1511 -
1512 - /* Defined in brk.c. */
1513 - extern void *__curbrk;
1514 -@@ -29,6 +30,35 @@
1515 - /* Extend the process's data space by INCREMENT.
1516 - If INCREMENT is negative, shrink data space by - INCREMENT.
1517 - Return start of new space allocated, or -1 for errors. */
1518 -+#ifdef INTERNAL_SYSCALL_NOSYSENTER
1519 -+/* This version is used by csu/libc-tls.c whem initialising the TLS
1520 -+ if the SYSENTER version requires the TLS (which it does on i386).
1521 -+ Obviously using the TLS before it is initialised is broken. */
1522 -+extern int __brk_nosysenter (void *addr);
1523 -+void *
1524 -+__sbrk_nosysenter (intptr_t increment)
1525 -+{
1526 -+ void *oldbrk;
1527 -+
1528 -+ /* If this is not part of the dynamic library or the library is used
1529 -+ via dynamic loading in a statically linked program update
1530 -+ __curbrk from the kernel's brk value. That way two separate
1531 -+ instances of __brk and __sbrk can share the heap, returning
1532 -+ interleaved pieces of it. */
1533 -+ if (__curbrk == NULL || __libc_multiple_libcs)
1534 -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
1535 -+ return (void *) -1;
1536 -+
1537 -+ if (increment == 0)
1538 -+ return __curbrk;
1539 -+
1540 -+ oldbrk = __curbrk;
1541 -+ if (__brk_nosysenter (oldbrk + increment) < 0)
1542 -+ return (void *) -1;
1543 -+
1544 -+ return oldbrk;
1545 -+}
1546 -+#endif
1547 - void *
1548 - __sbrk (intptr_t increment)
1549 - {
1550 ---- sysdeps/unix/sysv/linux/i386/brk.c
1551 -+++ sysdeps/unix/sysv/linux/i386/brk.c
1552 -@@ -31,6 +31,29 @@
1553 - linker. */
1554 - weak_alias (__curbrk, ___brk_addr)
1555 -
1556 -+#ifdef INTERNAL_SYSCALL_NOSYSENTER
1557 -+/* This version is used by csu/libc-tls.c whem initialising the TLS
1558 -+ * if the SYSENTER version requires the TLS (which it does on i386).
1559 -+ * Obviously using the TLS before it is initialised is broken. */
1560 -+int
1561 -+__brk_nosysenter (void *addr)
1562 -+{
1563 -+ void * newbrk;
1564 -+
1565 -+ INTERNAL_SYSCALL_DECL (err);
1566 -+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr);
1567 -+
1568 -+ __curbrk = newbrk;
1569 -+
1570 -+ if (newbrk < addr)
1571 -+ {
1572 -+ __set_errno (ENOMEM);
1573 -+ return -1;
1574 -+ }
1575 -+
1576 -+ return 0;
1577 -+}
1578 -+#endif
1579 - int
1580 - __brk (void *addr)
1581 - {
1582 ---- sysdeps/unix/sysv/linux/i386/sysdep.h
1583 -+++ sysdeps/unix/sysv/linux/i386/sysdep.h
1584 -@@ -187,7 +187,7 @@
1585 - /* The original calling convention for system calls on Linux/i386 is
1586 - to use int $0x80. */
1587 - #ifdef I386_USE_SYSENTER
1588 --# ifdef SHARED
1589 -+# if defined SHARED || defined __PIC__
1590 - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
1591 - # else
1592 - # define ENTER_KERNEL call *_dl_sysinfo
1593 -@@ -358,7 +358,7 @@
1594 - possible to use more than four parameters. */
1595 - #undef INTERNAL_SYSCALL
1596 - #ifdef I386_USE_SYSENTER
1597 --# ifdef SHARED
1598 -+# if defined SHARED || defined __PIC__
1599 - # define INTERNAL_SYSCALL(name, err, nr, args...) \
1600 - ({ \
1601 - register unsigned int resultvar; \
1602 -@@ -384,6 +384,18 @@
1603 - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
1604 - ASMFMT_##nr(args) : "memory", "cc"); \
1605 - (int) resultvar; })
1606 -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
1607 -+ ({ \
1608 -+ register unsigned int resultvar; \
1609 -+ EXTRAVAR_##nr \
1610 -+ asm volatile ( \
1611 -+ LOADARGS_NOSYSENTER_##nr \
1612 -+ "movl %1, %%eax\n\t" \
1613 -+ "int $0x80\n\t" \
1614 -+ RESTOREARGS_NOSYSENTER_##nr \
1615 -+ : "=a" (resultvar) \
1616 -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
1617 -+ (int) resultvar; })
1618 - # else
1619 - # define INTERNAL_SYSCALL(name, err, nr, args...) \
1620 - ({ \
1621 -@@ -447,12 +459,20 @@
1622 -
1623 - #define LOADARGS_0
1624 - #ifdef __PIC__
1625 --# if defined I386_USE_SYSENTER && defined SHARED
1626 -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
1627 - # define LOADARGS_1 \
1628 - "bpushl .L__X'%k3, %k3\n\t"
1629 - # define LOADARGS_5 \
1630 - "movl %%ebx, %4\n\t" \
1631 - "movl %3, %%ebx\n\t"
1632 -+# define LOADARGS_NOSYSENTER_1 \
1633 -+ "bpushl .L__X'%k2, %k2\n\t"
1634 -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
1635 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
1636 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
1637 -+# define LOADARGS_NOSYSENTER_5 \
1638 -+ "movl %%ebx, %3\n\t" \
1639 -+ "movl %2, %%ebx\n\t"
1640 - # else
1641 - # define LOADARGS_1 \
1642 - "bpushl .L__X'%k2, %k2\n\t"
1643 -@@ -474,11 +495,18 @@
1644 -
1645 - #define RESTOREARGS_0
1646 - #ifdef __PIC__
1647 --# if defined I386_USE_SYSENTER && defined SHARED
1648 -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
1649 - # define RESTOREARGS_1 \
1650 - "bpopl .L__X'%k3, %k3\n\t"
1651 - # define RESTOREARGS_5 \
1652 - "movl %4, %%ebx"
1653 -+# define RESTOREARGS_NOSYSENTER_1 \
1654 -+ "bpopl .L__X'%k2, %k2\n\t"
1655 -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
1656 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
1657 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
1658 -+# define RESTOREARGS_NOSYSENTER_5 \
1659 -+ "movl %3, %%ebx"
1660 - # else
1661 - # define RESTOREARGS_1 \
1662 - "bpopl .L__X'%k2, %k2\n\t"
1663
1664 diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
1665 deleted file mode 100644
1666 index a8ab9d8a3e2..00000000000
1667 --- a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
1668 +++ /dev/null
1669 @@ -1,299 +0,0 @@
1670 -/* Copyright (C) 2004-2014 Free Software Foundation, Inc.
1671 - Copyright (C) 2006-2014 Gentoo Foundation Inc.
1672 - This file is part of the GNU C Library.
1673 -
1674 - The GNU C Library is free software; you can redistribute it and/or
1675 - modify it under the terms of the GNU Lesser General Public
1676 - License as published by the Free Software Foundation; either
1677 - version 2.1 of the License, or (at your option) any later version.
1678 -
1679 - The GNU C Library is distributed in the hope that it will be useful,
1680 - but WITHOUT ANY WARRANTY; without even the implied warranty of
1681 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1682 - Lesser General Public License for more details.
1683 -
1684 - You should have received a copy of the GNU Lesser General Public
1685 - License along with the GNU C Library; if not, write to the Free
1686 - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
1687 - 02111-1307 USA. */
1688 -
1689 -/* Hardened Gentoo SSP and FORTIFY handler
1690 -
1691 - A failure handler that does not use functions from the rest of glibc;
1692 - it uses the INTERNAL_SYSCALL methods directly. This helps ensure no
1693 - possibility of recursion into the handler.
1694 -
1695 - Direct all bug reports to http://bugs.gentoo.org/
1696 -
1697 - People who have contributed significantly to the evolution of this file:
1698 - Ned Ludd - <solar[@]gentoo.org>
1699 - Alexander Gabert - <pappy[@]gentoo.org>
1700 - The PaX Team - <pageexec[@]freemail.hu>
1701 - Peter S. Mazinger - <ps.m[@]gmx.net>
1702 - Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
1703 - Robert Connolly - <robert[@]linuxfromscratch.org>
1704 - Cory Visi <cory[@]visi.name>
1705 - Mike Frysinger <vapier[@]gentoo.org>
1706 - Magnus Granberg <zorry[@]gentoo.org>
1707 - Kevin F. Quinn - <kevquinn[@]gentoo.org>
1708 - */
1709 -
1710 -#include <errno.h>
1711 -#include <stdio.h>
1712 -#include <stdlib.h>
1713 -#include <unistd.h>
1714 -#include <signal.h>
1715 -
1716 -#include <sys/types.h>
1717 -
1718 -#include <sysdep-cancel.h>
1719 -#include <sys/syscall.h>
1720 -
1721 -#include <kernel-features.h>
1722 -
1723 -#include <alloca.h>
1724 -/* from sysdeps */
1725 -#include <socketcall.h>
1726 -/* for the stuff in bits/socket.h */
1727 -#include <sys/socket.h>
1728 -#include <sys/un.h>
1729 -
1730 -/* Sanity check on SYSCALL macro names - force compilation
1731 - * failure if the names used here do not exist
1732 - */
1733 -#if !defined __NR_socketcall && !defined __NR_socket
1734 -# error Cannot do syscall socket or socketcall
1735 -#endif
1736 -#if !defined __NR_socketcall && !defined __NR_connect
1737 -# error Cannot do syscall connect or socketcall
1738 -#endif
1739 -#ifndef __NR_write
1740 -# error Cannot do syscall write
1741 -#endif
1742 -#ifndef __NR_close
1743 -# error Cannot do syscall close
1744 -#endif
1745 -#ifndef __NR_getpid
1746 -# error Cannot do syscall getpid
1747 -#endif
1748 -#ifndef __NR_kill
1749 -# error Cannot do syscall kill
1750 -#endif
1751 -#ifndef __NR_exit
1752 -# error Cannot do syscall exit
1753 -#endif
1754 -#ifdef SSP_SMASH_DUMPS_CORE
1755 -# define ENABLE_SSP_SMASH_DUMPS_CORE 1
1756 -# if !defined _KERNEL_NSIG && !defined _NSIG
1757 -# error No _NSIG or _KERNEL_NSIG for rt_sigaction
1758 -# endif
1759 -# if !defined __NR_sigaction && !defined __NR_rt_sigaction
1760 -# error Cannot do syscall sigaction or rt_sigaction
1761 -# endif
1762 -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
1763 - * of the _kernel_ sigset_t which is not the same as the user sigset_t.
1764 - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
1765 - * some reason.
1766 - */
1767 -# ifdef _KERNEL_NSIG
1768 -# define _SSP_NSIG _KERNEL_NSIG
1769 -# else
1770 -# define _SSP_NSIG _NSIG
1771 -# endif
1772 -#else
1773 -# define _SSP_NSIG 0
1774 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0
1775 -#endif
1776 -
1777 -/* Define DO_SIGACTION - default to newer rt signal interface but
1778 - * fallback to old as needed.
1779 - */
1780 -#ifdef __NR_rt_sigaction
1781 -# define DO_SIGACTION(signum, act, oldact) \
1782 - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
1783 -#else
1784 -# define DO_SIGACTION(signum, act, oldact) \
1785 - INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
1786 -#endif
1787 -
1788 -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
1789 -#if defined(__NR_socket) && defined(__NR_connect)
1790 -# define USE_OLD_SOCKETCALL 0
1791 -#else
1792 -# define USE_OLD_SOCKETCALL 1
1793 -#endif
1794 -
1795 -/* stub out the __NR_'s so we can let gcc optimize away dead code */
1796 -#ifndef __NR_socketcall
1797 -# define __NR_socketcall 0
1798 -#endif
1799 -#ifndef __NR_socket
1800 -# define __NR_socket 0
1801 -#endif
1802 -#ifndef __NR_connect
1803 -# define __NR_connect 0
1804 -#endif
1805 -#define DO_SOCKET(result, domain, type, protocol) \
1806 - do { \
1807 - if (USE_OLD_SOCKETCALL) { \
1808 - socketargs[0] = domain; \
1809 - socketargs[1] = type; \
1810 - socketargs[2] = protocol; \
1811 - socketargs[3] = 0; \
1812 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
1813 - } else \
1814 - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
1815 - } while (0)
1816 -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
1817 - do { \
1818 - if (USE_OLD_SOCKETCALL) { \
1819 - socketargs[0] = sockfd; \
1820 - socketargs[1] = (unsigned long int)serv_addr; \
1821 - socketargs[2] = addrlen; \
1822 - socketargs[3] = 0; \
1823 - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
1824 - } else \
1825 - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
1826 - } while (0)
1827 -
1828 -#ifndef _PATH_LOG
1829 -# define _PATH_LOG "/dev/log"
1830 -#endif
1831 -
1832 -static const char path_log[] = _PATH_LOG;
1833 -
1834 -/* For building glibc with SSP switched on, define __progname to a
1835 - * constant if building for the run-time loader, to avoid pulling
1836 - * in more of libc.so into ld.so
1837 - */
1838 -#ifdef IS_IN_rtld
1839 -static const char *__progname = "<ldso>";
1840 -#else
1841 -extern const char *__progname;
1842 -#endif
1843 -
1844 -#ifdef GENTOO_SSP_HANDLER
1845 -# define ERROR_MSG "stack smashing"
1846 -#else
1847 -# define ERROR_MSG "buffer overflow"
1848 -#endif
1849 -
1850 -/* Common handler code, used by chk_fail
1851 - * Inlined to ensure no self-references to the handler within itself.
1852 - * Data static to avoid putting more than necessary on the stack,
1853 - * to aid core debugging.
1854 - */
1855 -__attribute__ ((__noreturn__, __always_inline__))
1856 -static inline void
1857 -__hardened_gentoo_fail(void)
1858 -{
1859 -#define MESSAGE_BUFSIZ 512
1860 - static pid_t pid;
1861 - static int plen, i, hlen;
1862 - static char message[MESSAGE_BUFSIZ];
1863 - /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */
1864 - static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: ";
1865 - static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: ";
1866 - static const char msg_terminated[] = " terminated; ";
1867 - static const char msg_report[] = "report to " REPORT_BUGS_TO "\n";
1868 - static const char msg_unknown[] = "<unknown>";
1869 - static int log_socket, connect_result;
1870 - static struct sockaddr_un sock;
1871 - static unsigned long int socketargs[4];
1872 -
1873 - /* Build socket address */
1874 - sock.sun_family = AF_UNIX;
1875 - i = 0;
1876 - while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) {
1877 - sock.sun_path[i] = path_log[i];
1878 - ++i;
1879 - }
1880 - sock.sun_path[i] = '\0';
1881 -
1882 - /* Try SOCK_DGRAM connection to syslog */
1883 - connect_result = -1;
1884 - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
1885 - if (log_socket != -1)
1886 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
1887 - if (connect_result == -1) {
1888 - if (log_socket != -1)
1889 - INLINE_SYSCALL(close, 1, log_socket);
1890 - /* Try SOCK_STREAM connection to syslog */
1891 - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
1892 - if (log_socket != -1)
1893 - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
1894 - }
1895 -
1896 - /* Build message. Messages are generated both in the old style and new style,
1897 - * so that log watchers that are configured for the old-style message continue
1898 - * to work.
1899 - */
1900 -#define strconcat(str) \
1901 - ({ \
1902 - i = 0; \
1903 - while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \
1904 - message[plen + i] = str[i]; \
1905 - ++i; \
1906 - } \
1907 - plen += i; \
1908 - })
1909 -
1910 - /* Tersely log the failure */
1911 - plen = 0;
1912 - strconcat(msg_header);
1913 - hlen = plen;
1914 - strconcat(msg_ssd);
1915 - if (__progname != NULL)
1916 - strconcat(__progname);
1917 - else
1918 - strconcat(msg_unknown);
1919 - strconcat(msg_terminated);
1920 - strconcat(msg_report);
1921 -
1922 - /* Write out error message to STDERR, to syslog if open */
1923 - INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen);
1924 - if (connect_result != -1) {
1925 - INLINE_SYSCALL(write, 3, log_socket, message, plen);
1926 - INLINE_SYSCALL(close, 1, log_socket);
1927 - }
1928 -
1929 - /* Time to kill self since we have no idea what is going on */
1930 - pid = INLINE_SYSCALL(getpid, 0);
1931 -
1932 - if (ENABLE_SSP_SMASH_DUMPS_CORE) {
1933 - /* Remove any user-supplied handler for SIGABRT, before using it. */
1934 -#if 0
1935 - /*
1936 - * Note: Disabled because some programs catch & process their
1937 - * own crashes. We've already enabled this code path which
1938 - * means we want to let core dumps happen.
1939 - */
1940 - static struct sigaction default_abort_act;
1941 - default_abort_act.sa_handler = SIG_DFL;
1942 - default_abort_act.sa_sigaction = NULL;
1943 - __sigfillset(&default_abort_act.sa_mask);
1944 - default_abort_act.sa_flags = 0;
1945 - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
1946 -#endif
1947 - INLINE_SYSCALL(kill, 2, pid, SIGABRT);
1948 - }
1949 -
1950 - /* SIGKILL is only signal which cannot be caught */
1951 - INLINE_SYSCALL(kill, 2, pid, SIGKILL);
1952 -
1953 - /* In case the kill didn't work, exit anyway.
1954 - * The loop prevents gcc thinking this routine returns.
1955 - */
1956 - while (1)
1957 - INLINE_SYSCALL(exit, 1, 137);
1958 -}
1959 -
1960 -__attribute__ ((__noreturn__))
1961 -#ifdef GENTOO_SSP_HANDLER
1962 -void __stack_chk_fail(void)
1963 -#else
1964 -void __chk_fail(void)
1965 -#endif
1966 -{
1967 - __hardened_gentoo_fail();
1968 -}
1969
1970 diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
1971 deleted file mode 100644
1972 index 4a537bb52c5..00000000000
1973 --- a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
1974 +++ /dev/null
1975 @@ -1,2 +0,0 @@
1976 -#define GENTOO_SSP_HANDLER
1977 -#include <debug/chk_fail.c>
1978
1979 diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
1980 deleted file mode 100644
1981 index 35eabe94014..00000000000
1982 --- a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
1983 +++ /dev/null
1984 @@ -1,306 +0,0 @@
1985 -When building glibc PIE (which is not something upstream support),
1986 -several modifications are necessary to the glibc build process.
1987 -
1988 -First, any syscalls in PIEs must be of the PIC variant, otherwise
1989 -textrels ensue. Then, any syscalls made before the initialisation
1990 -of the TLS will fail on i386, as the sysenter variant on i386 uses
1991 -the TLS, giving rise to a chicken-and-egg situation. This patch
1992 -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
1993 -version is normally used, and uses the non-sysenter version for the brk
1994 -syscall that is performed by the TLS initialisation. Further, the TLS
1995 -initialisation is moved in this case prior to the initialisation of
1996 -dl_osversion, as that requires further syscalls.
1997 -
1998 -csu/libc-start.c: Move initial TLS initialization to before the
1999 -initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
2000 -
2001 -csu/libc-tls.c: Use the no-sysenter version of sbrk when
2002 -INTERNAL_SYSCALL_PRE_TLS is defined.
2003 -
2004 -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
2005 -version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
2006 -
2007 -misc/brk.c: Define a no-sysenter version of brk if
2008 -INTERNAL_SYSCALL_PRE_TLS is defined.
2009 -
2010 -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
2011 -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
2012 -
2013 -Patch by Kevin F. Quinn <kevquinn@g.o>
2014 -Fixed for 2.10 by Magnus Granberg <zorry@×××.nu>
2015 -Fixed for 2.18 by Magnus Granberg <zorry@g.o>
2016 -Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@g.o>
2017 -
2018 ---- a/csu/libc-start.c
2019 -+++ b/csu/libc-start.c
2020 -@@ -28,6 +28,7 @@
2021 - extern int __libc_multiple_libcs;
2022 -
2023 - #include <tls.h>
2024 -+#include <sysdep.h>
2025 - #ifndef SHARED
2026 - # include <dl-osinfo.h>
2027 - extern void __pthread_initialize_minimal (void);
2028 -@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
2029 - }
2030 - }
2031 -
2032 -+# ifdef INTERNAL_SYSCALL_PRE_TLS
2033 -+ /* Do the initial TLS initialization before _dl_osversion,
2034 -+ since the latter uses the uname syscall. */
2035 -+ __pthread_initialize_minimal ();
2036 -+# endif
2037 - # ifdef DL_SYSDEP_OSCHECK
2038 - if (!__libc_multiple_libcs)
2039 - {
2040 -@@ -138,10 +144,12 @@
2041 - }
2042 - # endif
2043 -
2044 -+# ifndef INTERNAL_SYSCALL_PRE_TLS
2045 - /* Initialize the thread library at least a bit since the libgcc
2046 - functions are using thread functions if these are available and
2047 - we need to setup errno. */
2048 - __pthread_initialize_minimal ();
2049 -+# endif
2050 -
2051 - /* Set up the stack checker's canary. */
2052 - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
2053 ---- a/csu/libc-tls.c
2054 -+++ b/csu/libc-tls.c
2055 -@@ -22,12 +22,17 @@
2056 - #include <unistd.h>
2057 - #include <stdio.h>
2058 - #include <sys/param.h>
2059 -+#include <sysdep.h>
2060 -
2061 -
2062 - #ifdef SHARED
2063 - #error makefile bug, this file is for static only
2064 - #endif
2065 -
2066 -+#ifdef INTERNAL_SYSCALL_PRE_TLS
2067 -+extern void *__sbrk_nosysenter (intptr_t __delta);
2068 -+#endif
2069 -+
2070 - dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
2071 -
2072 -
2073 -@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
2074 -
2075 - The initialized value of _dl_tls_static_size is provided by dl-open.c
2076 - to request some surplus that permits dynamic loading of modules with
2077 -- IE-model TLS. */
2078 -+ IE-model TLS.
2079 -+
2080 -+ Where the normal sbrk would use a syscall that needs the TLS (i386)
2081 -+ use the special non-sysenter version instead. */
2082 -+#ifdef INTERNAL_SYSCALL_PRE_TLS
2083 -+# define __sbrk __sbrk_nosysenter
2084 -+#endif
2085 - #if TLS_TCB_AT_TP
2086 - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
2087 - tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
2088 - #elif TLS_DTV_AT_TP
2089 - tcb_offset = roundup (tcbsize, align ?: 1);
2090 - tlsblock = __sbrk (tcb_offset + memsz + max_align
2091 - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
2092 - tlsblock += TLS_PRE_TCB_SIZE;
2093 - #else
2094 - /* In case a model with a different layout for the TCB and DTV
2095 - is defined add another #elif here and in the following #ifs. */
2096 - # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
2097 - #endif
2098 -+#ifdef INTERNAL_SYSCALL_PRE_TLS
2099 -+# undef __sbrk
2100 -+#endif
2101 -
2102 - /* Align the TLS block. */
2103 - tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
2104 ---- a/misc/sbrk.c
2105 -+++ b/misc/sbrk.c
2106 -@@ -18,6 +18,7 @@
2107 - #include <errno.h>
2108 - #include <stdint.h>
2109 - #include <unistd.h>
2110 -+#include <sysdep.h>
2111 -
2112 - /* Defined in brk.c. */
2113 - extern void *__curbrk;
2114 -@@ -29,6 +30,35 @@
2115 - /* Extend the process's data space by INCREMENT.
2116 - If INCREMENT is negative, shrink data space by - INCREMENT.
2117 - Return start of new space allocated, or -1 for errors. */
2118 -+#ifdef INTERNAL_SYSCALL_PRE_TLS
2119 -+/* This version is used by csu/libc-tls.c whem initialising the TLS
2120 -+ if the SYSENTER version requires the TLS (which it does on i386).
2121 -+ Obviously using the TLS before it is initialised is broken. */
2122 -+extern int __brk_nosysenter (void *addr);
2123 -+void *
2124 -+__sbrk_nosysenter (intptr_t increment)
2125 -+{
2126 -+ void *oldbrk;
2127 -+
2128 -+ /* If this is not part of the dynamic library or the library is used via
2129 -+ dynamic loading in a statically linked program update __curbrk from the
2130 -+ kernel's brk value. That way two separate instances of __brk and __sbrk
2131 -+ can share the heap, returning interleaved pieces of it. */
2132 -+ if (__curbrk == NULL || __libc_multiple_libcs)
2133 -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
2134 -+ return (void *) -1;
2135 -+
2136 -+ if (increment == 0)
2137 -+ return __curbrk;
2138 -+
2139 -+ oldbrk = __curbrk;
2140 -+ if (__brk_nosysenter (oldbrk + increment) < 0)
2141 -+ return (void *) -1;
2142 -+
2143 -+ return oldbrk;
2144 -+}
2145 -+#endif
2146 -+
2147 - void *
2148 - __sbrk (intptr_t increment)
2149 - {
2150 ---- a/sysdeps/unix/sysv/linux/i386/brk.c
2151 -+++ b/sysdeps/unix/sysv/linux/i386/brk.c
2152 -@@ -31,6 +31,30 @@
2153 - linker. */
2154 - weak_alias (__curbrk, ___brk_addr)
2155 -
2156 -+#ifdef INTERNAL_SYSCALL_PRE_TLS
2157 -+/* This version is used by csu/libc-tls.c whem initialising the TLS
2158 -+ if the SYSENTER version requires the TLS (which it does on i386).
2159 -+ Obviously using the TLS before it is initialised is broken. */
2160 -+int
2161 -+__brk_nosysenter (void *addr)
2162 -+{
2163 -+ void *newbrk;
2164 -+
2165 -+ INTERNAL_SYSCALL_DECL (err);
2166 -+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
2167 -+
2168 -+ __curbrk = newbrk;
2169 -+
2170 -+ if (newbrk < addr)
2171 -+ {
2172 -+ __set_errno (ENOMEM);
2173 -+ return -1;
2174 -+ }
2175 -+
2176 -+ return 0;
2177 -+}
2178 -+#endif
2179 -+
2180 - int
2181 - __brk (void *addr)
2182 - {
2183 ---- a/sysdeps/unix/sysv/linux/i386/sysdep.h
2184 -+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
2185 -@@ -187,7 +187,7 @@
2186 - /* The original calling convention for system calls on Linux/i386 is
2187 - to use int $0x80. */
2188 - #ifdef I386_USE_SYSENTER
2189 --# ifdef SHARED
2190 -+# ifdef __PIC__
2191 - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
2192 - # else
2193 - # define ENTER_KERNEL call *_dl_sysinfo
2194 -@@ -358,7 +358,7 @@
2195 - possible to use more than four parameters. */
2196 - #undef INTERNAL_SYSCALL
2197 - #ifdef I386_USE_SYSENTER
2198 --# ifdef SHARED
2199 -+# ifdef __PIC__
2200 - # define INTERNAL_SYSCALL(name, err, nr, args...) \
2201 - ({ \
2202 - register unsigned int resultvar; \
2203 -@@ -384,6 +384,18 @@
2204 - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
2205 - ASMFMT_##nr(args) : "memory", "cc"); \
2206 - (int) resultvar; })
2207 -+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
2208 -+ ({ \
2209 -+ register unsigned int resultvar; \
2210 -+ EXTRAVAR_##nr \
2211 -+ asm volatile ( \
2212 -+ LOADARGS_NOSYSENTER_##nr \
2213 -+ "movl %1, %%eax\n\t" \
2214 -+ "int $0x80\n\t" \
2215 -+ RESTOREARGS_NOSYSENTER_##nr \
2216 -+ : "=a" (resultvar) \
2217 -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
2218 -+ (int) resultvar; })
2219 - # else
2220 - # define INTERNAL_SYSCALL(name, err, nr, args...) \
2221 - ({ \
2222 -@@ -447,12 +459,20 @@
2223 -
2224 - #define LOADARGS_0
2225 - #ifdef __PIC__
2226 --# if defined I386_USE_SYSENTER && defined SHARED
2227 -+# if defined I386_USE_SYSENTER && defined __PIC__
2228 - # define LOADARGS_1 \
2229 - "bpushl .L__X'%k3, %k3\n\t"
2230 - # define LOADARGS_5 \
2231 - "movl %%ebx, %4\n\t" \
2232 - "movl %3, %%ebx\n\t"
2233 -+# define LOADARGS_NOSYSENTER_1 \
2234 -+ "bpushl .L__X'%k2, %k2\n\t"
2235 -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
2236 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
2237 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
2238 -+# define LOADARGS_NOSYSENTER_5 \
2239 -+ "movl %%ebx, %3\n\t" \
2240 -+ "movl %2, %%ebx\n\t"
2241 - # else
2242 - # define LOADARGS_1 \
2243 - "bpushl .L__X'%k2, %k2\n\t"
2244 -@@ -474,11 +494,18 @@
2245 -
2246 - #define RESTOREARGS_0
2247 - #ifdef __PIC__
2248 --# if defined I386_USE_SYSENTER && defined SHARED
2249 -+# if defined I386_USE_SYSENTER && defined __PIC__
2250 - # define RESTOREARGS_1 \
2251 - "bpopl .L__X'%k3, %k3\n\t"
2252 - # define RESTOREARGS_5 \
2253 - "movl %4, %%ebx"
2254 -+# define RESTOREARGS_NOSYSENTER_1 \
2255 -+ "bpopl .L__X'%k2, %k2\n\t"
2256 -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
2257 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
2258 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
2259 -+# define RESTOREARGS_NOSYSENTER_5 \
2260 -+ "movl %3, %%ebx"
2261 - # else
2262 - # define RESTOREARGS_1 \
2263 - "bpopl .L__X'%k2, %k2\n\t"
2264 ---- a/sysdeps/i386/nptl/tls.h
2265 -+++ b/sysdeps/i386/nptl/tls.h
2266 -@@ -189,6 +189,15 @@
2267 - desc->vals[3] = 0x51;
2268 - }
2269 -
2270 -+/* We have no sysenter until the tls is initialized which is a
2271 -+ problem for PIC. Thus we need to do the right call depending
2272 -+ on the situation. */
2273 -+#ifndef INTERNAL_SYSCALL_PRE_TLS
2274 -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
2275 -+#else
2276 -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
2277 -+#endif
2278 -+
2279 - /* Code to initially initialize the thread pointer. This might need
2280 - special attention since 'errno' is not yet available and if the
2281 - operation can cause a failure 'errno' must not be touched. */
2282 -@@ -209,7 +218,7 @@
2283 - \
2284 - /* Install the TLS. */ \
2285 - INTERNAL_SYSCALL_DECL (err); \
2286 -- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
2287 -+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
2288 - \
2289 - if (_result == 0) \
2290 - /* We know the index in the GDT, now load the segment register. \
2291
2292 diff --git a/sys-libs/glibc/glibc-2.21-r2.ebuild b/sys-libs/glibc/glibc-2.21-r2.ebuild
2293 deleted file mode 100644
2294 index accbd33c95a..00000000000
2295 --- a/sys-libs/glibc/glibc-2.21-r2.ebuild
2296 +++ /dev/null
2297 @@ -1,149 +0,0 @@
2298 -# Copyright 1999-2018 Gentoo Foundation
2299 -# Distributed under the terms of the GNU General Public License v2
2300 -
2301 -EAPI="4"
2302 -
2303 -inherit toolchain-glibc
2304 -
2305 -DESCRIPTION="GNU libc6 (also called glibc2) C library"
2306 -HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
2307 -
2308 -LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
2309 -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
2310 -RESTRICT="strip" # strip ourself #46186
2311 -EMULTILIB_PKG="true"
2312 -
2313 -# Configuration variables
2314 -RELEASE_VER=""
2315 -case ${PV} in
2316 -9999*)
2317 - EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
2318 - inherit git-r3
2319 - ;;
2320 -*)
2321 - RELEASE_VER=${PV}
2322 - ;;
2323 -esac
2324 -GCC_BOOTSTRAP_VER="4.7.3-r1"
2325 -PATCH_VER="7" # Gentoo patchset
2326 -: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
2327 -
2328 -IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla headers-only"
2329 -
2330 -# Here's how the cross-compile logic breaks down ...
2331 -# CTARGET - machine that will target the binaries
2332 -# CHOST - machine that will host the binaries
2333 -# CBUILD - machine that will build the binaries
2334 -# If CTARGET != CHOST, it means you want a libc for cross-compiling.
2335 -# If CHOST != CBUILD, it means you want to cross-compile the libc.
2336 -# CBUILD = CHOST = CTARGET - native build/install
2337 -# CBUILD != (CHOST = CTARGET) - cross-compile a native build
2338 -# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
2339 -# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
2340 -# For install paths:
2341 -# CHOST = CTARGET - install into /
2342 -# CHOST != CTARGET - install into /usr/CTARGET/
2343 -
2344 -export CBUILD=${CBUILD:-${CHOST}}
2345 -export CTARGET=${CTARGET:-${CHOST}}
2346 -if [[ ${CTARGET} == ${CHOST} ]] ; then
2347 - if [[ ${CATEGORY} == cross-* ]] ; then
2348 - export CTARGET=${CATEGORY#cross-}
2349 - fi
2350 -fi
2351 -
2352 -is_crosscompile() {
2353 - [[ ${CHOST} != ${CTARGET} ]]
2354 -}
2355 -
2356 -# Why SLOT 2.2 you ask yourself while sippin your tea ?
2357 -# Everyone knows 2.2 > 0, duh.
2358 -SLOT="2.2"
2359 -
2360 -# General: We need a new-enough binutils/gcc to match upstream baseline.
2361 -# arch: we need to make sure our binutils/gcc supports TLS.
2362 -DEPEND=">=app-misc/pax-utils-0.1.10
2363 - !<sys-apps/sandbox-1.6
2364 - !<sys-apps/portage-2.1.2
2365 - selinux? ( sys-libs/libselinux )"
2366 -RDEPEND="!sys-kernel/ps3-sources
2367 - sys-apps/gentoo-functions
2368 - selinux? ( sys-libs/libselinux )
2369 - !sys-libs/nss-db"
2370 -
2371 -if [[ ${CATEGORY} == cross-* ]] ; then
2372 - DEPEND+=" !headers-only? (
2373 - >=${CATEGORY}/binutils-2.24
2374 - >=${CATEGORY}/gcc-4.6
2375 - )"
2376 - [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
2377 -else
2378 - DEPEND+="
2379 - >=sys-devel/binutils-2.24
2380 - >=sys-devel/gcc-4.6
2381 - virtual/os-headers"
2382 - RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
2383 - PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
2384 -fi
2385 -
2386 -upstream_uris() {
2387 - echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
2388 -}
2389 -gentoo_uris() {
2390 - local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
2391 - devspace=${devspace//HTTP/https://dev.gentoo.org/}
2392 - echo mirror://gentoo/$1 ${devspace//URI/$1}
2393 -}
2394 -SRC_URI=$(
2395 - [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
2396 - [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
2397 -)
2398 -SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
2399 -
2400 -src_unpack() {
2401 - [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
2402 -
2403 - toolchain-glibc_src_unpack
2404 -}
2405 -
2406 -src_prepare() {
2407 - toolchain-glibc_src_prepare
2408 -
2409 - cd "${S}"
2410 -
2411 - epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
2412 -
2413 - if use hardened ; then
2414 - einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
2415 - tc-enables-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
2416 - epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
2417 -
2418 - # We don't enable these for non-hardened as the output is very terse --
2419 - # it only states that a crash happened. The default upstream behavior
2420 - # includes backtraces and symbols.
2421 - einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
2422 - cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
2423 - cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
2424 -
2425 - if use debug ; then
2426 - # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
2427 - sed -i \
2428 - -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
2429 - -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
2430 - debug/Makefile || die
2431 - fi
2432 -
2433 - # Build various bits with ssp-all
2434 - sed -i \
2435 - -e 's:-fstack-protector$:-fstack-protector-all:' \
2436 - */Makefile || die
2437 - fi
2438 -
2439 - case $(gcc-fullversion) in
2440 - 4.8.[0-3]|4.9.0)
2441 - eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
2442 - eerror "glibc. See https://bugs.gentoo.org/547420 for details."
2443 - die "need to switch compilers #547420"
2444 - ;;
2445 - esac
2446 -}
Report Message
Find on MARC Find on Google Groups