commit: 19ab6715d42b41ddcb51a3395016e090f03943e9 |
Author: Benda Xu <heroxbd <AT> gentoo <DOT> org> |
AuthorDate: Sun Aug 25 13:26:27 2019 +0000 |
Commit: Benda XU <heroxbd <AT> gentoo <DOT> org> |
CommitDate: Sun Aug 25 13:26:58 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19ab6715 |
|
sys-libs/glibc: add kernel 2.6.16 compatibility patch. |
|
This is only for Prefix on deprecated systems. On those |
systems, vulnerable kernels are usually used. |
|
Hardened no longer makes sense, remove. |
|
Remove versionator, as it is not used. |
|
Package-Manager: Portage-2.3.73, Repoman-2.3.17 |
Signed-off-by: Benda Xu <heroxbd <AT> gentoo.org> |
|
.../glibc-2.19-hardened-configure-picdefault.patch | 30 -------- |
.../2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch | 32 -------- |
.../2.19/glibc-2.19-kernel-2.6.16-compat.patch | 85 ++++++++++++++++++++++ |
sys-libs/glibc/glibc-2.19-r2.ebuild | 40 +--------- |
4 files changed, 89 insertions(+), 98 deletions(-) |
|
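diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch
deleted file mode 100644
index 341d8c5028e..00000000000
--- a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Prevent default-fPIE from confusing configure into thinking
-PIC code is default. This causes glibc to build both PIC and
-non-PIC code as normal, which on the hardened compiler generates
-PIC and PIE.
-
-Patch by Kevin F. Quinn <kevquinn@g.o>
-Fixed for glibc 2.19 by Magnus Granberg <zorry@×××.nu>
-
---- configure.ac
-+++ configure.ac
-@@ -2145,7 +2145,7 @@
- # error PIC is default.
- #endif
- EOF
--if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
-+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
- libc_cv_pic_default=no
- fi
- rm -f conftest.*])
---- configure
-+++ configure
-@@ -7698,7 +7698,7 @@
- # error PIC is default.
- #endif
- EOF
--if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
-+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
- libc_cv_pic_default=no
- fi
- rm -f conftest.*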
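diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch
deleted file mode 100644
index 72a616a046a..00000000000
--- a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://bugs.gentoo.org/503838
-http://gcc.gnu.org/PR60465
-https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html
-https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html
-
-newer versions of gcc generate relocations in the elf_get_dynamic_info func
-which glibc relies on to populate some info structs. those structs are then
-used by ldso to process relocations in itself. glibc requires that there are
-no relocations until that point (*after* elf_get_dynamic_info), so we end up
-crashing during elf_get_dynamic_info because the relocation has not yet been
-processed.
-
-this hack shuffles the code in a way that tricks gcc into not generating the
-relocation. we need to figure out something better for upstream.
-
---- a/elf/get-dynamic-info.h
-+++ b/elf/get-dynamic-info.h
-@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp)
- info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
- + DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn;
- else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
-- info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
-- + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn;
-+ {
-+ d_tag_utype i =
-+ DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
-+ + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM;
-+ info[i] = dyn;
-+ }
- ++dyn;
- }
-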
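diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch
new file mode 100644
index 00000000000..bf75f80cb7c
--- /dev/null
+++ b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch
@@ -0,0 +1,85 @@
+Remove newer symbols that does not work on linux-2.6.16.
+
+This is only for Prefix standalone.
+
+Index: glibc-2.19/io/sys/stat.h
+===================================================================
+--- glibc-2.19.orig/io/sys/stat.h
++++ glibc-2.19/io/sys/stat.h
+@@ -361,10 +361,6 @@ extern int mkfifoat (int __fd, const cha
+ #ifdef __USE_ATFILE
+ /* Set file access and modification times relative to directory file
+ descriptor. */
+-extern int utimensat (int __fd, const char *__path,
+- const struct timespec __times[2],
+- int __flags)
+- __THROW __nonnull ((2));
+ #endif
+
+ #ifdef __USE_XOPEN2K8
+Index: glibc-2.19/posix/unistd.h
+===================================================================
+--- glibc-2.19.orig/posix/unistd.h
++++ glibc-2.19/posix/unistd.h
+@@ -419,7 +419,6 @@ extern int pipe (int __pipedes[2]) __THR
+ #ifdef __USE_GNU
+ /* Same as pipe but apply flags passed in FLAGS to the new file
+ descriptors. */
+-extern int pipe2 (int __pipedes[2], int __flags) __THROW __wur;
+ #endif
+
+ /* Schedule an alarm. In SECONDS seconds, the process will get a SIGALRM.
+Index: glibc-2.19/sysdeps/unix/sysv/linux/x86/bits/epoll.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/sysv/linux/x86/bits/epoll.h
++++ glibc-2.19/sysdeps/unix/sysv/linux/x86/bits/epoll.h
+@@ -19,11 +19,5 @@
+ # error "Never use <bits/epoll.h> directly; include <sys/epoll.h> instead."
+ #endif
+
+-/* Flags to be passed to epoll_create1. */
+-enum
+- {
+- EPOLL_CLOEXEC = 02000000
+-#define EPOLL_CLOEXEC EPOLL_CLOEXEC
+- };
+
+ #define __EPOLL_PACKED __attribute__ ((__packed__))
+Index: glibc-2.19/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
++++ glibc-2.19/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
+@@ -187,8 +187,6 @@
+ # define F_GETPIPE_SZ 1032 /* Set pipe page size array. */
+ #endif
+ #ifdef __USE_XOPEN2K8
+-# define F_DUPFD_CLOEXEC 1030 /* Duplicate file descriptor with
+- close-on-exit set. */
+ #endif
+
+ /* For F_[GET|SET]FD. */
+Index: glibc-2.19/sysdeps/unix/sysv/linux/sys/epoll.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/sysv/linux/sys/epoll.h
++++ glibc-2.19/sysdeps/unix/sysv/linux/sys/epoll.h
+@@ -101,7 +101,6 @@ extern int epoll_create (int __size) __T
+
+ /* Same as epoll_create but with an FLAGS parameter. The unused SIZE
+ parameter has been dropped. */
+-extern int epoll_create1 (int __flags) __THROW;
+
+
+ /* Manipulate an epoll instance "epfd". Returns 0 in case of success,
+Index: glibc-2.19/time/sys/time.h
+===================================================================
+--- glibc-2.19.orig/time/sys/time.h
++++ glibc-2.19/time/sys/time.h
+@@ -140,8 +140,6 @@ extern int utimes (const char *__file, c
+
+ #ifdef __USE_BSD
+ /* Same as `utimes', but does not follow symbolic links. */
+-extern int lutimes (const char *__file, const struct timeval __tvp[2])
+- __THROW __nonnull ((1));
+
+ /* Same as `utimes', but takes an open file descriptor instead of a name. */
+ extern int futimes (int __fd, const struct timeval __tvp[2]) __THROW;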
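Review bot: The patch removes only header declarations (`utimensat`, `pipe2`, `epoll_create1`, `lutimes`, `EPOLL_CLOEXEC`, `F_DUPFD_CLOEXEC`); nothing visible here removes the matching symbols from the built libc, so a link-only configure probe would presumably still detect them and the caller would then fail at run time on a 2.6.16 kernel. The patch header should also record the security cost: software built against these headers loses the atomic close-on-exec paths and falls back to a separate `fcntl(fd, F_SETFD, FD_CLOEXEC)` call, which leaves a window in which a descriptor can leak into a child started by another thread. I would extend the description to something like `Hides utimensat, pipe2, epoll_create1, lutimes, EPOLL_CLOEXEC and F_DUPFD_CLOEXEC from the installed headers only; callers fall back to non-atomic FD_CLOEXEC handling.` The stat.h, unistd.h and fcntl-linux.h hunks each leave an empty `#ifdef`/`#endif` with an orphaned comment, which is harmless but could go together with the declaration.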
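diff --git a/sys-libs/glibc/glibc-2.19-r2.ebuild b/sys-libs/glibc/glibc-2.19-r2.ebuild
index 58038d81dd6..a0b75a595e9 100644
--- a/sys-libs/glibc/glibc-2.19-r2.ebuild
+++ b/sys-libs/glibc/glibc-2.19-r2.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=6
 
-inherit prefix eutils versionator toolchain-funcs flag-o-matic gnuconfig usr-ldscript \
+inherit prefix eutils toolchain-funcs flag-o-matic gnuconfig usr-ldscript \
 multilib systemd multiprocessing
 
 DESCRIPTION="GNU libc C library"
@@ -32,7 +32,7 @@ PATCH_VER=9
 SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.bz2"
 SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 )"
 
-IUSE="audit caps compile-locales debug doc gd hardened headers-only multilib nscd profile selinux suid systemtap vanilla"
+IUSE="audit caps compile-locales debug doc gd headers-only multilib nscd profile selinux suid systemtap vanilla"
 
 # Minimum kernel version that glibc requires
 # hppa requires 2.6.20
@@ -368,21 +368,6 @@ setup_flags() {
 
 filter-flags '-fstack-protector*'
 append-flags '-fno-stack-protector'
-
- # Starting with gcc-6 (and fully upstreamed pie patches) we control
- # default enabled/disabled pie via use flags. So nothing to do
- # here then. #618160
- if [[ $(gcc-major-version) -lt 6 ]]; then
- if use hardened && tc-enables-pie ; then
- # Force PIC macro definition for all compilations since they're all
- # either -fPIC or -fPIE with the default-PIE compiler.
- append-cppflags -DPIC
- else
- # Don't build -fPIE without the default-PIE compiler and the
- # hardened-pie patch
- filter-flags -fPIE
- fi
- fi
 }
 
 want_tls() {
@@ -757,6 +742,8 @@ src_prepare() {
 
 gnuconfig_update
 
+ eapply "${FILESDIR}"/2.19/glibc-2.19-kernel-2.6.16-compat.patch
+
 cd "${WORKDIR}"
 find . -name configure -exec touch {} +
 
@@ -764,25 +751,6 @@ src_prepare() {
 
 # Fix permissions on some of the scripts.
 chmod u+x "${S}"/scripts/*.sh
-
- cd "${S}"
-
- if use hardened ; then
- # We don't enable these for non-hardened as the output is very terse --
- # it only states that a crash happened. The default upstream behavior
- # includes backtraces and symbols.
- einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
- cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
- cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die
-
- if use debug ; then
- # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
- sed -i \
- -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
- -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
- debug/Makefile || die
- fi
- fi
 }
 
 glibc_do_configure() {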
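Review bot: The new `eapply "${FILESDIR}"/2.19/glibc-2.19-kernel-2.6.16-compat.patch` in `src_prepare` (hunk at -757) runs unconditionally, although the commit message and the patch header both say the change is only meant for Prefix standalone on old kernels. If this ebuild can be installed on any other target, those users silently lose the `pipe2`, `epoll_create1` and `F_DUPFD_CLOEXEC` declarations; a guard on whatever condition identifies that target, or at least a comment such as `# Prefix standalone on linux-2.6.16 hosts only: hides syscall wrappers the old kernel lacks`, would make the intent checkable. Separately, the block removed from `setup_flags` (hunk at -368) also contained the non-hardened branch `filter-flags -fPIE` for gcc older than 6, so a user-supplied `-fPIE` is no longer filtered there; please confirm that is intended. Both functions begin outside their hunks.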