authorKevin F. Quinn <kevquinn@gentoo.org>2007-03-13 07:24:29 +0000
committerKevin F. Quinn <kevquinn@gentoo.org>2007-03-13 07:24:29 +0000
commit37ceb5506218afac0c7f820a6f80f0f5839be4ce (patch)
tree4234fa4140b7f942a992d53419abf39cb056b151
parentUpdates in line with gentoo-x86 12/03/2007 (diff)
Update in line with gentoo-x86 glibc-2.5-r1
svn path=/; revision=191
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest48
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c311
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch29
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch283
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch23
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r16
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild61
7 files changed, 690 insertions, 71 deletions
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
index 5d6448d..b144c84 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
@@ -1,23 +1,23 @@
-AUX 2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058 RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 SHA1 ff92b7b6cb4a364dbe81c5110da79d1ad56a72ba SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df
-MD5 24dfc0b6f2725063612ea5e4e346b6f3 files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058
-RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058
-SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058
-AUX 2.4/glibc-2.4-hardened-configure-picdefault.patch 955 RMD160 dfa5dd2c09076318b7b6f53dbdf68877ebe7c258 SHA1 0723da00f5637618a11734a65eff43fa28a908e1 SHA256 3314216ca2994c80f223c091bee79a06f444faf317c16eb7bbc594fa23425657
-MD5 960090668e9700a4095a79907b227b3c files/2.4/glibc-2.4-hardened-configure-picdefault.patch 955
-RMD160 dfa5dd2c09076318b7b6f53dbdf68877ebe7c258 files/2.4/glibc-2.4-hardened-configure-picdefault.patch 955
-SHA256 3314216ca2994c80f223c091bee79a06f444faf317c16eb7bbc594fa23425657 files/2.4/glibc-2.4-hardened-configure-picdefault.patch 955
-AUX 2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436 RMD160 7f0c48ca72deae8d5ae4074765c93117814f7eaa SHA1 3c5b5fb599d621b2803ef6ff93b355cd16929ddd SHA256 1f777d27370e1868db88a0801ee9f1acae5295b2ec87754e861fa934fd290645
-MD5 c76c013b30eff912af508f7274cb4dd8 files/2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436
-RMD160 7f0c48ca72deae8d5ae4074765c93117814f7eaa files/2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436
-SHA256 1f777d27370e1868db88a0801ee9f1acae5295b2ec87754e861fa934fd290645 files/2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436
AUX 2.4/glibc-2.4-hardened-pie.patch 1629 RMD160 cd0dfdb10a86560d4c36ac04b7642b06ae41b3cd SHA1 990fc9a4f88d86f524030bdd2cb953eb781784a3 SHA256 a44ef5ef5490663fea6de10f9ecccbd45f1fb5bdb49abefb49527dfc14fa0977
MD5 51135a389633ff99dbd3f3d715821454 files/2.4/glibc-2.4-hardened-pie.patch 1629
RMD160 cd0dfdb10a86560d4c36ac04b7642b06ae41b3cd files/2.4/glibc-2.4-hardened-pie.patch 1629
SHA256 a44ef5ef5490663fea6de10f9ecccbd45f1fb5bdb49abefb49527dfc14fa0977 files/2.4/glibc-2.4-hardened-pie.patch 1629
-AUX 2.5/glibc-2.5-hardened-pie.patch 1522 RMD160 cd6d0fa46973a7f7b4575946998478d148268a50 SHA1 a231b2154d646d8bd6790771b194a8783d609e35 SHA256 25fc868ba67ba6b6e3476c5786dd493039bb06c70459a5f0c2b12602d294eec3
-MD5 f58815648658826e79ea33722d6c0742 files/2.5/glibc-2.5-hardened-pie.patch 1522
-RMD160 cd6d0fa46973a7f7b4575946998478d148268a50 files/2.5/glibc-2.5-hardened-pie.patch 1522
-SHA256 25fc868ba67ba6b6e3476c5786dd493039bb06c70459a5f0c2b12602d294eec3 files/2.5/glibc-2.5-hardened-pie.patch 1522
+AUX 2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 SHA1 ff92b7b6cb4a364dbe81c5110da79d1ad56a72ba SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df
+MD5 24dfc0b6f2725063612ea5e4e346b6f3 files/2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058
+RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 files/2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058
+SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df files/2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058
+AUX 2.5/glibc-2.5-hardened-configure-picdefault.patch 794 RMD160 7ab81bac4b9625043b1e7edea6fb5707696c144d SHA1 25a0b018eb44f3c9818876a12e9ec817e305d80b SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91
+MD5 a16cdc2083bdc31ad63f60045e2cc3ef files/2.5/glibc-2.5-hardened-configure-picdefault.patch 794
+RMD160 7ab81bac4b9625043b1e7edea6fb5707696c144d files/2.5/glibc-2.5-hardened-configure-picdefault.patch 794
+SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91 files/2.5/glibc-2.5-hardened-configure-picdefault.patch 794
+AUX 2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 RMD160 352112bf4f2d8d58471f22f623784350baf0bc86 SHA1 ae244e9923c0a0e8be4121d593897530c0bf08e8 SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd
+MD5 310d9d273a19090287c44a38aba92753 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
+RMD160 352112bf4f2d8d58471f22f623784350baf0bc86 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
+SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
+AUX 2.5/glibc-2.5-hardened-pie.patch 1548 RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da SHA1 0bb184451121d130be9e1888d081c556edcb88d3 SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00
+MD5 8d7eadd996eec8fa9939658404ee386d files/2.5/glibc-2.5-hardened-pie.patch 1548
+RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da files/2.5/glibc-2.5-hardened-pie.patch 1548
+SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00 files/2.5/glibc-2.5-hardened-pie.patch 1548
AUX nscd 1621 RMD160 f6d20c4c3814f70d7741f3fa2e0b53ba32c37960 SHA1 5751fe798024c2021b7b3ed3e798618e2a38244a SHA256 6165db3a2fcb251d4f3655c0461e018ce9c92a37f7f22a8fd2b75178b5435bc8
MD5 d142c6e0b4fd508f485d0aa9c5d12a91 files/nscd 1621
RMD160 f6d20c4c3814f70d7741f3fa2e0b53ba32c37960 files/nscd 1621
@@ -30,15 +30,15 @@ AUX nsswitch.conf 503 RMD160 f375f92f6b41029c93382c39cef896261b140cfc SHA1 42f7f
MD5 8d58079469aedb014a800101ef60558f files/nsswitch.conf 503
RMD160 f375f92f6b41029c93382c39cef896261b140cfc files/nsswitch.conf 503
SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d files/nsswitch.conf 503
-DIST glibc-2.5-patches-1.3.2.tar.bz2 182152 RMD160 af497b417d05c0e8c26174d3db053f3192936ef6 SHA1 f1b5dff0659bd3dc02e44186948f9f05a6b6e9cc SHA256 20fa70f908011a5c9c0fade0e4489263550153722938a730669fad93c81865ff
+DIST glibc-2.5-patches-1.4.tar.bz2 527303 RMD160 08e219988bfa5aba2eea057f412a615d8531095b SHA1 6fbfeb1468f5a8f9dca73a1a6314de202d753e63 SHA256 5d0ab0634d4f9dd9016b86fda3ac469e9511267181ed7d9c409a6e9c392bc3e0
DIST glibc-2.5.tar.bz2 15321839 RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 SHA1 ec9a007c4875062099a4701ac9137fcdb5a71447 SHA256 9b2e12bb1eafb55ab2e5a868532b8e6ec39216c66c25b8998d7474bc4d4eb529
DIST glibc-libidn-2.5.tar.bz2 102330 RMD160 e10e85e0ee7cdab2e5518a93978cb688ccabee88 SHA1 ee7e019e01aa338e28db1eeb34abb2cb09d2f30a SHA256 de77e49e0beee6061d4c6e480f322566ba25d4e5e018c456a18ea4a8da5c0ede
DIST glibc-linuxthreads-2.5.tar.bz2 242445 RMD160 788484d035d53ac39aac18f6e3409a912eea1cfa SHA1 eb7765e5c0a14c7475f1c8b92cbe1f625a8fd76f SHA256 ee27aeba6124a8b351c720eb898917f0f8874d9a384cc2f17aa111a3d679bd2c
DIST glibc-ports-2.5.tar.bz2 409372 RMD160 e7e29df135a5f0f72760d10e5ad46de038e40725 SHA1 7da6257e641759ed29c4d316700fce6f604bc812 SHA256 80c38a005325e7539012bd665fb8e06af9ee9bfc74efb236ebff121265bfd463
-EBUILD glibc-2.5-r1.ebuild 39927 RMD160 46506b8d94e7c9134ee738f25414b340936485ec SHA1 114c5afd352128e8add1f63be3c92d5b97f6f056 SHA256 949cf1859506d85fecff8000cf2eb10a739d3a48f66518c949fd2f3e883b5d42
-MD5 d46d28b4b7f80169c482fd932046ccec glibc-2.5-r1.ebuild 39927
-RMD160 46506b8d94e7c9134ee738f25414b340936485ec glibc-2.5-r1.ebuild 39927
-SHA256 949cf1859506d85fecff8000cf2eb10a739d3a48f66518c949fd2f3e883b5d42 glibc-2.5-r1.ebuild 39927
-MD5 5b7e320e8b8b1a96ace60aa95385c122 files/digest-glibc-2.5-r1 1286
-RMD160 6302561abceb3a88449dfe74bd6f2e373f00dec3 files/digest-glibc-2.5-r1 1286
-SHA256 c20b8f42085597085e3589fbfd2dc5351f0c63a5492a55f82b59a1481b2a28f3 files/digest-glibc-2.5-r1 1286
+EBUILD glibc-2.5-r1.ebuild 39299 RMD160 c0d85a895e0d6f83e02348af5f54060dfcbc54af SHA1 06079608991c99008091b9d1c824f541bb82ec9a SHA256 a4a0643cfc7cfdc8e3d946e71eb7d4df04d5f585d495ab87794ffdc983a005e5
+MD5 d96ad308c47b08eec3713cc1a7628edd glibc-2.5-r1.ebuild 39299
+RMD160 c0d85a895e0d6f83e02348af5f54060dfcbc54af glibc-2.5-r1.ebuild 39299
+SHA256 a4a0643cfc7cfdc8e3d946e71eb7d4df04d5f585d495ab87794ffdc983a005e5 glibc-2.5-r1.ebuild 39299
+MD5 30fc9163b2a49cb4a083d02feace4918 files/digest-glibc-2.5-r1 1280
+RMD160 74d079011c9a8d9155cd5f51591ca3a04cb9df26 files/digest-glibc-2.5-r1 1280
+SHA256 b0af33330bd44dd7acd6f4aec9039d61b7fe9de005a8cf6edf63ee399cdeaa72 files/digest-glibc-2.5-r1 1280
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c
new file mode 100644
index 0000000..e304440
--- /dev/null
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c
@@ -0,0 +1,311 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+/* Copyright (C) 2006 Gentoo Foundation Inc.
+ * License terms as above.
+ *
+ * Hardened Gentoo SSP handler
+ *
+ * An SSP failure handler that does not use functions from the rest of
+ * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
+ * no possibility of recursion into the handler.
+ *
+ * Direct all bug reports to http://bugs.gentoo.org/
+ *
+ * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
+ * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ *
+ * The following people contributed to the glibc-2.3 Hardened
+ * Gentoo SSP handler, from which this implementation draws much:
+ *
+ * Ned Ludd - <solar[@]gentoo.org>
+ * Alexander Gabert - <pappy[@]gentoo.org>
+ * The PaX Team - <pageexec[@]freemail.hu>
+ * Peter S. Mazinger - <ps.m[@]gmx.net>
+ * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ * Robert Connolly - <robert[@]linuxfromscratch.org>
+ * Cory Visi <cory[@]visi.name>
+ * Mike Frysinger <vapier[@]gentoo.org>
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+#include <bp-checks.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# if !defined _KERNEL_NSIG && !defined _NSIG
+# error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigation && !defined __NR_rt_sigaction
+# error Cannot do syscall sigaction or rt_sigaction
+# endif
+#endif
+
+
+
+/* Define DO_SOCKET/DO_CONNECT macros to deal with socketcall vs socket/connect */
+#ifdef __NR_socketcall
+
+# define DO_SOCKET(result,domain,type,protocol) \
+ {socketargs[0] = domain; \
+ socketargs[1] = type; \
+ socketargs[2] = protocol; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall,2,SOCKOP_socket,socketargs);}
+
+# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \
+ {socketargs[0] = sockfd; \
+ socketargs[1] = (unsigned long int)serv_addr; \
+ socketargs[2] = addrlen; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall,2,SOCKOP_connect,socketargs);}
+
+#else
+
+# define DO_SOCKET(result,domain,type,protocol) \
+ {result = INLINE_SYSCALL(socket,3,domain,type,protocol);}
+
+# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \
+ {result = INLINE_SYSCALL(connect,3,sockfd,serv_addr,addrlen);}
+
+#endif
+/* __NR_socketcall */
+
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[]=_PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static char *__progname = "<rtld>";
+#else
+extern char *__progname;
+#endif
+
+
+/* Common handler code, used by stack_chk_fail and __stack_smash_handler
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+static inline void
+__attribute__ ((__noreturn__ , __always_inline__))
+__hardened_gentoo_stack_chk_fail (char func[], int damaged)
+{
+#define MESSAGE_BUFSIZ 256
+ static pid_t pid;
+ static int plen, i;
+ static char message[MESSAGE_BUFSIZ];
+ static const char msg_ssa[]=": stack smashing attack";
+ static const char msg_inf[]=" in function ";
+ static const char msg_ssd[]="*** stack smashing detected ***: ";
+ static const char msg_terminated[]=" - terminated\n";
+ static const char msg_report[]="Report to http://bugs.gentoo.org/\n";
+ static const char msg_unknown[]="<unknown>";
+#ifdef SSP_SMASH_DUMPS_CORE
+ static struct sigaction default_abort_act;
+#endif
+ static int log_socket, connect_result;
+ static struct sockaddr_un sock;
+#ifdef __NR_socketcall
+ static unsigned long int socketargs[4];
+#endif
+
+ /* Build socket address
+ */
+ sock.sun_family = AF_UNIX;
+ i=0;
+ while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1)))
+ {
+ sock.sun_path[i]=path_log[i];
+ i++;
+ }
+ sock.sun_path[i]='\0';
+
+ /* Try SOCK_DGRAM connection to syslog */
+ connect_result=-1;
+ DO_SOCKET(log_socket,AF_UNIX,SOCK_DGRAM,0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock)));
+ if (connect_result == -1)
+ {
+ if (log_socket != -1)
+ INLINE_SYSCALL(close,1,log_socket);
+ /* Try SOCK_STREAM connection to syslog */
+ DO_SOCKET(log_socket,AF_UNIX,SOCK_STREAM,0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock)));
+ }
+
+ /* Build message. Messages are generated both in the old style and new style,
+ * so that log watchers that are configured for the old-style message continue
+ * to work.
+ */
+#define strconcat(str) \
+ {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
+ {\
+ message[plen+i]=str[i];\
+ i++;\
+ }\
+ plen+=i;}
+
+ /* R.Henderson post-gcc-4 style message */
+ plen=0;
+ strconcat(msg_ssd);
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+ /* Dr. Etoh pre-gcc-4 style message */
+ plen=0;
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_ssa);
+ strconcat(msg_inf);
+ if (func!=NULL)
+ strconcat(func)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+ /* Direct reports to bugs.gentoo.org */
+ plen=0;
+ strconcat(msg_report);
+ message[plen++]='\0';
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+ if (log_socket != -1)
+ INLINE_SYSCALL(close,1,log_socket);
+
+ /* Suicide */
+ pid=INLINE_SYSCALL(getpid,0);
+#ifdef SSP_SMASH_DUMPS_CORE
+ /* Remove any user-supplied handler for SIGABRT, before using it */
+ default_abort_act.sa_handler = SIG_DFL;
+ default_abort_act.sa_sigaction = NULL;
+ __sigfillset(&default_abort_act.sa_mask);
+ default_abort_act.sa_flags = 0;
+ /* sigaction doesn't exist on amd64; however rt_sigaction seems to
+ * exist everywhere. rt_sigaction has an extra parameter - the
+ * size of sigset_t.
+ */
+# ifdef __NR_sigation
+ if (INLINE_SYSCALL(sigaction,3,SIGABRT,&default_abort_act,NULL) == 0)
+# else
+ /* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+ * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+ * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+ * some reason.
+ */
+# ifdef _KERNEL_NSIG
+ if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_KERNEL_NSIG/8) == 0)
+# else
+ if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_NSIG/8) == 0)
+# endif
+# endif
+ INLINE_SYSCALL(kill,2,pid,SIGABRT);
+#endif
+ /* Note; actions cannot be added to SIGKILL */
+ INLINE_SYSCALL(kill,2,pid,SIGKILL);
+
+ /* In case the kill didn't work, exit anyway
+ * The loop prevents gcc thinking this routine returns
+ */
+ while (1) INLINE_SYSCALL(exit,0);
+}
+
+void
+__attribute__ ((__noreturn__))
+ __stack_chk_fail (void)
+{
+ __hardened_gentoo_stack_chk_fail(NULL,0);
+}
+
+#ifdef ENABLE_OLD_SSP_COMPAT
+void
+__attribute__ ((__noreturn__))
+__stack_smash_handler(char func[], int damaged)
+{
+ __hardened_gentoo_stack_chk_fail(func,damaged);
+}
+#endif
+
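Review bot: `__NR_sigation` in the SSP_SMASH_DUMPS_CORE sanity check, and again in the `# ifdef` ahead of the `sigaction` call, looks like a misspelling of `__NR_sigaction`, so the `INLINE_SYSCALL(sigaction,3,...)` branch is never compiled and every build takes the `rt_sigaction` path. Either spell it `__NR_sigaction` or drop the dead branch and reduce the sanity check to `# ifndef __NR_rt_sigaction`, which matches the comment that rt_sigaction exists everywhere. On that path the userspace `struct sigaction` is handed straight to the raw syscall; this presumably needs the kernel's own structure layout, so confirm the field order per arch before relying on SIGABRT for the core dump (the `kill` with SIGKILL that follows still terminates the process either way). The header comment also says the handler uses the INTERNAL_SYSCALL methods while the code uses `INLINE_SYSCALL`, which sets errno on failure; the comment should name the macro actually used.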
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch
new file mode 100644
index 0000000..253a61b
--- /dev/null
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch
@@ -0,0 +1,29 @@
+Prevent default-fPIE from confusing configure into thinking
+PIC code is default. This causes glibc to build both PIC and
+non-PIC code as normal, which on the hardened compiler generates
+PIC and PIE.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- configure.in
++++ configure.in
+@@ -2145,7 +2145,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+ pic_default=no
+ fi
+ rm -f conftest.*])
+--- configure
++++ configure
+@@ -7698,7 +7698,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
+ pic_default=no
+ fi
+ rm -f conftest.*
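Review bot: The added `-fno-PIE` makes the `pic_default` probe fail for any compiler that rejects that flag, and a failed compile is read the same way as "PIC is default", because `pic_default=no` is only set when the command succeeds. If this patch can be applied with a non-hardened or older compiler, the probe should test for the flag first, or the patch header should state that it is applied only for the hardened toolchain. The start of the probe is outside the hunk, so the initial value of `pic_default` is assumed here.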
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
new file mode 100644
index 0000000..420e6fd
--- /dev/null
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
@@ -0,0 +1,283 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- csu/libc-start.c.orig 2007-01-21 11:51:06.000000000 +0100
++++ csu/libc-start.c 2007-01-21 11:55:57.000000000 +0100
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void)
+@@ -133,6 +134,14 @@
+ # endif
+ _dl_aux_init (auxvec);
+ # endif
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP
++ if (__pthread_initialize_minimal)
++# endif
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -142,15 +151,17 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_NOSYSENTER
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. If there is no thread library and we
+ handle TLS the function is defined in the libc to initialized the
+ TLS handling. */
+-# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP
++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP
+ if (__pthread_initialize_minimal)
+-# endif
++# endif
+ __pthread_initialize_minimal ();
++# endif
+ #endif
+
+ # ifndef SHARED
+--- csu/libc-tls.c.orig 2007-01-21 11:37:02.000000000 +0100
++++ csu/libc-tls.c 2007-01-21 12:09:33.000000000 +0100
+@@ -23,6 +23,7 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+@@ -30,6 +31,9 @@
+ #endif
+
+ #ifdef USE_TLS
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++extern void *__sbrk_nosysenter (intptr_t __delta);
++# endif
+ extern ElfW(Phdr) *_dl_phdr;
+ extern size_t _dl_phnum;
+
+@@ -142,14 +146,26 @@
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
+ # if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
++# else
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
++# endif
+ # elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# else
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# endif
+ tlsblock += TLS_PRE_TCB_SIZE;
+ # else
+ /* In case a model with a different layout for the TCB and DTV
+--- misc/sbrk.c.orig 2007-01-21 11:38:27.000000000 +0100
++++ misc/sbrk.c 2007-01-21 12:07:29.000000000 +0100
+@@ -18,6 +18,7 @@
+
+ #include <unistd.h>
+ #include <errno.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used
++ via dynamic loading in a statically linked program update
++ __curbrk from the kernel's brk value. That way two separate
++ instances of __brk and __sbrk can share the heap, returning
++ interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- sysdeps/unix/sysv/linux/i386/brk.c.orig 2007-01-21 11:39:16.000000000 +0100
++++ sysdeps/unix/sysv/linux/i386/brk.c 2007-01-21 11:44:01.000000000 +0100
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ * if the SYSENTER version requires the TLS (which it does on i386).
++ * Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *__unbounded newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
++ __ptrvalue (addr));
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
+ int
+ __brk (void *addr)
+ {
+--- sysdeps/unix/sysv/linux/i386/sysdep.h.orig 2007-01-21 13:08:00.000000000 +0100
++++ sysdeps/unix/sysv/linux/i386/sysdep.h 2007-01-21 13:19:10.000000000 +0100
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +495,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
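Review bot: `__brk_nosysenter` exists to run before the TLS is set up, yet its failure path calls `__set_errno (ENOMEM)`; if errno is thread-local in this configuration, that write goes through the thread pointer the function was written to avoid. Consider reducing the `if (newbrk < addr)` block to `return -1;` and stating in the function comment that errno is not set. The caller's check of the `__sbrk_nosysenter` result in csu/libc-tls.c is outside the hunk, so confirm it does not read errno. Both new comments also read "whem initialising", which should be "when initialising".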
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
index 2db9099..280d6e1 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
@@ -1,18 +1,23 @@
- Change link commands for glibc executables to build PIEs
- Kevin F. Quinn <kevquinn@gentoo.org> 17 Jan 2007
+Change link commands for glibc executables to build PIEs
---- Makeconfig.orig 2007-01-19 11:45:48.000000000 +0100
-+++ Makeconfig 2007-01-19 11:46:29.000000000 +0100
-@@ -427,7 +427,7 @@
- +link = $(CC) -nostdlib -nostartfiles -o $@ \
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- Makeconfig
++++ Makeconfig
+@@ -415,10 +415,10 @@
+
+ # Command for linking programs with the C library.
+ ifndef +link
+-+link = $(CC) -nostdlib -nostartfiles -o $@ \
+++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \
$(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
- $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
+ $(combreloc-LDFLAGS) $(relro-LDFLAGS) \
- $(addprefix $(csu-objpfx),$(start-installed-name)) \
+ $(addprefix $(csu-objpfx),S$(start-installed-name)) \
$(+preinit) $(+prector) \
$(filter-out $(addprefix $(csu-objpfx),start.o \
$(start-installed-name))\
-@@ -439,7 +439,7 @@
+@@ -429,7 +429,7 @@
ifndef +link-static
+link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
@@ -21,7 +26,7 @@
$(+preinit) $(+prector) \
$(filter-out $(addprefix $(csu-objpfx),start.o \
$(start-installed-name))\
-@@ -537,8 +537,8 @@
+@@ -528,8 +528,8 @@
ifeq ($(elf),yes)
+preinit = $(addprefix $(csu-objpfx),crti.o)
+postinit = $(addprefix $(csu-objpfx),crtn.o)
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1 b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1
index 3a8d8d5..5aac065 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1
@@ -1,6 +1,6 @@
-MD5 44d6ca4466391666849fbc175bdb7c86 glibc-2.5-patches-1.3.2.tar.bz2 182152
-RMD160 af497b417d05c0e8c26174d3db053f3192936ef6 glibc-2.5-patches-1.3.2.tar.bz2 182152
-SHA256 20fa70f908011a5c9c0fade0e4489263550153722938a730669fad93c81865ff glibc-2.5-patches-1.3.2.tar.bz2 182152
+MD5 e52928305eee8be9bfc18201e8e1ce85 glibc-2.5-patches-1.4.tar.bz2 527303
+RMD160 08e219988bfa5aba2eea057f412a615d8531095b glibc-2.5-patches-1.4.tar.bz2 527303
+SHA256 5d0ab0634d4f9dd9016b86fda3ac469e9511267181ed7d9c409a6e9c392bc3e0 glibc-2.5-patches-1.4.tar.bz2 527303
MD5 1fb29764a6a650a4d5b409dda227ac9f glibc-2.5.tar.bz2 15321839
RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 glibc-2.5.tar.bz2 15321839
SHA256 9b2e12bb1eafb55ab2e5a868532b8e6ec39216c66c25b8998d7474bc4d4eb529 glibc-2.5.tar.bz2 15321839
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild
index 6feb1dc..3c4d361 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5.ebuild,v 1.38 2007/03/01 02:21:06 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.1 2007/03/13 06:09:44 vapier Exp $
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
@@ -16,7 +16,7 @@
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
-KEYWORDS="-* ~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86"
+KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86"
BRANCH_UPDATE=""
@@ -27,7 +27,7 @@ GLIBC_MANPAGE_VERSION="none"
GLIBC_INFOPAGE_VERSION="none"
# Gentoo patchset
-PATCH_VER="1.3.2"
+PATCH_VER="1.4"
GENTOO_TOOLCHAIN_BASE_URI="mirror://gentoo"
GENTOO_TOOLCHAIN_DEV_URI="http://dev.gentoo.org/~azarah/glibc/XXX http://dev.gentoo.org/~vapier/dist/XXX"
@@ -218,33 +218,32 @@ toolchain-glibc_src_unpack() {
echo "Gentoo patchset ${PATCH_VER}" > csu/Banner
fi
- if use hardened; then
+ if use hardened ; then
+ cd "${S}"
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
- # This patch forces all links to use the PIC crtfiles, to build PIEs.
- epatch ${FILESDIR}/2.5/glibc-2.5-hardened-pie.patch
- # This patch fixes the PIC detector to ignore PIE
- epatch ${FILESDIR}/2.4/glibc-2.4-hardened-configure-picdefault.patch
- # This patch ensures PIC code is used for syscalls always, and
- # re-orders initialisation so that the TLS is initialised before
- # it is used, and that the TLS initialisation uses non-sysenter
- # variants of syscalls.
- epatch ${FILESDIR}/2.4/glibc-2.4-hardened-inittls-nosysenter.patch
+ epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
+ epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
einfo "Installing Hardened Gentoo SSP handler"
- cp -f ${FILESDIR}/2.4/glibc-2.4-gentoo-stack_chk_fail.c \
- ${S}/debug/stack_chk_fail.c
+ cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
- if use debug; then
+ if use debug ; then
# When using Hardened Gentoo stack handler, have smashes dump core for
- # analysis - debug only, as core could be an information leak.
- sed -i -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
- ${S}/debug/Makefile ||
- die "Failed to modify debug/Makefile for debug stack handler"
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
fi
# Build nscd with ssp-all
- sed -i -e 's:-fstack-protector$:-fstack-protector-all:' ${S}/nscd/Makefile ||
- die "Failed to ensure nscd builds with ssp-all"
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
# Fixup use of PIC to choose PIC variants when built -fPIE.
# Prepends all files that have "#ifdef PIC" or similar, with
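Review bot: The `cp -f` of the SSP handler now reads `"${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c`, but the diffstat lists the file this commit adds under `files/2.5/` as `glibc-2.5-gentoo-stack_chk_fail.c`. Unless a 2.4-named copy already sits in that directory, the copy fails and the new `|| die` aborts every hardened build. The line should probably read `cp -f "${FILESDIR}"/2.5/glibc-2.5-gentoo-stack_chk_fail.c \`. The relative destinations (`debug/stack_chk_fail.c`, `debug/Makefile`, `nscd/Makefile`) now depend on the added `cd "${S}"`, which would be safer as `cd "${S}" || die`. The removed comments were the only description in this hunk of what the three hardened patches do, so a one-line comment per `epatch` would keep that; toolchain-glibc_src_unpack starts and ends outside the hunk.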
@@ -456,11 +455,11 @@ toolchain-glibc_src_install() {
case $(tc-arch) in
amd64)
[[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR amd64) /lib
- dosym /$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2
+ dosym ../$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2
;;
ppc64)
[[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR ppc64) /lib
- dosym /$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1
+ dosym ../$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1
;;
esac
fi
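Review bot: The switch from an absolute to a relative link target for the 32-bit loader (`../$(get_abi_LIBDIR x86)/ld-linux.so.2`, and likewise `ld.so.1` for ppc64) carries no comment saying why. A relative target keeps resolving inside the image when it is installed under a non-`/` ROOT or examined from outside a chroot, whereas the absolute form would resolve to the host's loader. If that is the intent, a comment such as `# relative target so the loader link resolves inside ROOT` above the two `dosym` lines would record it. The case statement sits inside toolchain-glibc_src_install, which extends beyond the hunk.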
@@ -861,7 +860,7 @@ glibc_do_configure() {
use nls || myconf="${myconf} --disable-nls"
myconf="${myconf} $(use_enable hardened stackguard-randomization)"
- if [[ $(<"${S}"/.ssp.compat) == "yes" ]] ; then
+ if [[ $(<"${T}"/.ssp.compat) == "yes" ]] ; then
myconf="${myconf} --enable-old-ssp-compat"
else
myconf="${myconf} --disable-old-ssp-compat"
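Review bot: `$(<"${T}"/.ssp.compat)` expands to an empty string when the file is missing or unreadable, so the `else` branch silently selects `--disable-old-ssp-compat`. The matching writer in src_unpack (the `echo "yes" > "${T}"/.ssp.compat` hunk further down) has no error check, so a failed write goes unnoticed as well. Appending `|| die "failed to record ssp compat"` to that `echo`, or testing `[[ -f "${T}"/.ssp.compat ]]` before the read, would make the choice explicit. glibc_do_configure continues outside the hunk.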
@@ -1061,7 +1060,7 @@ if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
fi
fi
else
- DEPEND="${DEPEND} sys-libs/timezone-data"
+ DEPEND="${DEPEND} >=sys-libs/timezone-data-2007c"
RDEPEND="${RDEPEND} sys-libs/timezone-data"
fi
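Review bot: Only DEPEND gains the `>=sys-libs/timezone-data-2007c` floor; the RDEPEND line directly below it still accepts any version. If the minimum is needed by the installed library and not just at build time (the hunk does not show which), a binary-package install would not enforce it, and the line should read `RDEPEND="${RDEPEND} >=sys-libs/timezone-data-2007c"`. If the floor really is build-only, a short comment saying so would explain why the two lines differ.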
@@ -1114,7 +1113,7 @@ src_unpack() {
# For now, we force everyone to have the extra symbols
# einfon "Scanning system for __guard to see if we need SSP compat ... "
# if [[ -n $(scanelf -qyls__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then
- echo "yes" > "${S}"/.ssp.compat
+ echo "yes" > "${T}"/.ssp.compat
# else
# # ok, a quick scan didnt find it, so lets do a deep scan ...
# if [[ -n $(scanelf -qyRlps__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then
@@ -1134,14 +1133,6 @@ src_unpack() {
sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh"
fi
- # Some configure checks fail on the first emerge through because they
- # try to link. This doesn't work well if we don't have a libc yet.
- # http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
- if is_crosscompile && use build; then
- rm "${S}"/sysdeps/sparc/sparc64/elf/configure{,.in}
- rm "${S}"/nptl/sysdeps/pthread/configure{,.in}
- fi
-
cd "${WORKDIR}"
find . -type f '(' -size 0 -o -name "*.orig" ')' -exec rm -f {} \;
find . -name configure -exec touch {} \;