From 37ceb5506218afac0c7f820a6f80f0f5839be4ce Mon Sep 17 00:00:00 2001
From: "Kevin F. Quinn"
Date: Tue, 13 Mar 2007 07:24:29 +0000
Subject: Update in line with gentoo-x86 glibc-2.5-r1 svn path=/; revision=191
---
.../branches/pieworld/sys-libs/glibc/Manifest | 48 ++--
.../files/2.5/glibc-2.5-gentoo-stack_chk_fail.c | 311 +++++++++++++++++++++
.../glibc-2.5-hardened-configure-picdefault.patch | 29 ++
.../glibc-2.5-hardened-inittls-nosysenter.patch | 283 +++++++++++++++++++
.../glibc/files/2.5/glibc-2.5-hardened-pie.patch | 23 +-
.../sys-libs/glibc/files/digest-glibc-2.5-r1 | 6 +-
.../pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild | 61 ++--
7 files changed, 690 insertions(+), 71 deletions(-)
create mode 100644 hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c
create mode 100644 hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch
create mode 100644 hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
index 5d6448d..b144c84 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
@@ -1,23 +1,23 @@ -AUX 2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058 RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 SHA1 ff92b7b6cb4a364dbe81c5110da79d1ad56a72ba SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df -MD5 24dfc0b6f2725063612ea5e4e346b6f3 files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058 -RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058 -SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058 -AUX 2.4/glibc-2.4-hardened-configure-picdefault.patch 955 RMD160 dfa5dd2c09076318b7b6f53dbdf68877ebe7c258 SHA1 0723da00f5637618a11734a65eff43fa28a908e1 SHA256 3314216ca2994c80f223c091bee79a06f444faf317c16eb7bbc594fa23425657 -MD5 960090668e9700a4095a79907b227b3c files/2.4/glibc-2.4-hardened-configure-picdefault.patch 955 -RMD160 dfa5dd2c09076318b7b6f53dbdf68877ebe7c258 files/2.4/glibc-2.4-hardened-configure-picdefault.patch 955 -SHA256 3314216ca2994c80f223c091bee79a06f444faf317c16eb7bbc594fa23425657 files/2.4/glibc-2.4-hardened-configure-picdefault.patch 955 -AUX 2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436 RMD160 7f0c48ca72deae8d5ae4074765c93117814f7eaa SHA1 3c5b5fb599d621b2803ef6ff93b355cd16929ddd SHA256 1f777d27370e1868db88a0801ee9f1acae5295b2ec87754e861fa934fd290645 -MD5 c76c013b30eff912af508f7274cb4dd8 files/2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436 -RMD160 7f0c48ca72deae8d5ae4074765c93117814f7eaa files/2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436 -SHA256 1f777d27370e1868db88a0801ee9f1acae5295b2ec87754e861fa934fd290645 files/2.4/glibc-2.4-hardened-inittls-nosysenter.patch 9436 AUX 2.4/glibc-2.4-hardened-pie.patch 1629 RMD160 cd0dfdb10a86560d4c36ac04b7642b06ae41b3cd SHA1 990fc9a4f88d86f524030bdd2cb953eb781784a3 SHA256 a44ef5ef5490663fea6de10f9ecccbd45f1fb5bdb49abefb49527dfc14fa0977 MD5 51135a389633ff99dbd3f3d715821454 files/2.4/glibc-2.4-hardened-pie.patch 1629 RMD160 
cd0dfdb10a86560d4c36ac04b7642b06ae41b3cd files/2.4/glibc-2.4-hardened-pie.patch 1629 SHA256 a44ef5ef5490663fea6de10f9ecccbd45f1fb5bdb49abefb49527dfc14fa0977 files/2.4/glibc-2.4-hardened-pie.patch 1629 -AUX 2.5/glibc-2.5-hardened-pie.patch 1522 RMD160 cd6d0fa46973a7f7b4575946998478d148268a50 SHA1 a231b2154d646d8bd6790771b194a8783d609e35 SHA256 25fc868ba67ba6b6e3476c5786dd493039bb06c70459a5f0c2b12602d294eec3 -MD5 f58815648658826e79ea33722d6c0742 files/2.5/glibc-2.5-hardened-pie.patch 1522 -RMD160 cd6d0fa46973a7f7b4575946998478d148268a50 files/2.5/glibc-2.5-hardened-pie.patch 1522 -SHA256 25fc868ba67ba6b6e3476c5786dd493039bb06c70459a5f0c2b12602d294eec3 files/2.5/glibc-2.5-hardened-pie.patch 1522 +AUX 2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 SHA1 ff92b7b6cb4a364dbe81c5110da79d1ad56a72ba SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df +MD5 24dfc0b6f2725063612ea5e4e346b6f3 files/2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 +RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 files/2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 +SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df files/2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 +AUX 2.5/glibc-2.5-hardened-configure-picdefault.patch 794 RMD160 7ab81bac4b9625043b1e7edea6fb5707696c144d SHA1 25a0b018eb44f3c9818876a12e9ec817e305d80b SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91 +MD5 a16cdc2083bdc31ad63f60045e2cc3ef files/2.5/glibc-2.5-hardened-configure-picdefault.patch 794 +RMD160 7ab81bac4b9625043b1e7edea6fb5707696c144d files/2.5/glibc-2.5-hardened-configure-picdefault.patch 794 +SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91 files/2.5/glibc-2.5-hardened-configure-picdefault.patch 794 +AUX 2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 RMD160 352112bf4f2d8d58471f22f623784350baf0bc86 SHA1 ae244e9923c0a0e8be4121d593897530c0bf08e8 SHA256 
2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd +MD5 310d9d273a19090287c44a38aba92753 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 +RMD160 352112bf4f2d8d58471f22f623784350baf0bc86 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 +SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 +AUX 2.5/glibc-2.5-hardened-pie.patch 1548 RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da SHA1 0bb184451121d130be9e1888d081c556edcb88d3 SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00 +MD5 8d7eadd996eec8fa9939658404ee386d files/2.5/glibc-2.5-hardened-pie.patch 1548 +RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da files/2.5/glibc-2.5-hardened-pie.patch 1548 +SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00 files/2.5/glibc-2.5-hardened-pie.patch 1548 AUX nscd 1621 RMD160 f6d20c4c3814f70d7741f3fa2e0b53ba32c37960 SHA1 5751fe798024c2021b7b3ed3e798618e2a38244a SHA256 6165db3a2fcb251d4f3655c0461e018ce9c92a37f7f22a8fd2b75178b5435bc8 MD5 d142c6e0b4fd508f485d0aa9c5d12a91 files/nscd 1621 RMD160 f6d20c4c3814f70d7741f3fa2e0b53ba32c37960 files/nscd 1621 
@@ -30,15 +30,15 @@ AUX nsswitch.conf 503 RMD160 f375f92f6b41029c93382c39cef896261b140cfc SHA1 42f7f MD5 8d58079469aedb014a800101ef60558f files/nsswitch.conf 503 RMD160 f375f92f6b41029c93382c39cef896261b140cfc files/nsswitch.conf 503 SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d files/nsswitch.conf 503 -DIST glibc-2.5-patches-1.3.2.tar.bz2 182152 RMD160 af497b417d05c0e8c26174d3db053f3192936ef6 SHA1 f1b5dff0659bd3dc02e44186948f9f05a6b6e9cc SHA256 20fa70f908011a5c9c0fade0e4489263550153722938a730669fad93c81865ff +DIST glibc-2.5-patches-1.4.tar.bz2 527303 RMD160 08e219988bfa5aba2eea057f412a615d8531095b SHA1 6fbfeb1468f5a8f9dca73a1a6314de202d753e63 SHA256 5d0ab0634d4f9dd9016b86fda3ac469e9511267181ed7d9c409a6e9c392bc3e0 DIST glibc-2.5.tar.bz2 15321839 RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 SHA1 ec9a007c4875062099a4701ac9137fcdb5a71447 SHA256 9b2e12bb1eafb55ab2e5a868532b8e6ec39216c66c25b8998d7474bc4d4eb529 DIST glibc-libidn-2.5.tar.bz2 102330 RMD160 e10e85e0ee7cdab2e5518a93978cb688ccabee88 SHA1 ee7e019e01aa338e28db1eeb34abb2cb09d2f30a SHA256 de77e49e0beee6061d4c6e480f322566ba25d4e5e018c456a18ea4a8da5c0ede DIST glibc-linuxthreads-2.5.tar.bz2 242445 RMD160 788484d035d53ac39aac18f6e3409a912eea1cfa SHA1 eb7765e5c0a14c7475f1c8b92cbe1f625a8fd76f SHA256 ee27aeba6124a8b351c720eb898917f0f8874d9a384cc2f17aa111a3d679bd2c DIST glibc-ports-2.5.tar.bz2 409372 RMD160 e7e29df135a5f0f72760d10e5ad46de038e40725 SHA1 7da6257e641759ed29c4d316700fce6f604bc812 SHA256 80c38a005325e7539012bd665fb8e06af9ee9bfc74efb236ebff121265bfd463 -EBUILD glibc-2.5-r1.ebuild 39927 RMD160 46506b8d94e7c9134ee738f25414b340936485ec SHA1 114c5afd352128e8add1f63be3c92d5b97f6f056 SHA256 949cf1859506d85fecff8000cf2eb10a739d3a48f66518c949fd2f3e883b5d42 -MD5 d46d28b4b7f80169c482fd932046ccec glibc-2.5-r1.ebuild 39927 -RMD160 46506b8d94e7c9134ee738f25414b340936485ec glibc-2.5-r1.ebuild 39927 -SHA256 949cf1859506d85fecff8000cf2eb10a739d3a48f66518c949fd2f3e883b5d42 glibc-2.5-r1.ebuild 39927 
-MD5 5b7e320e8b8b1a96ace60aa95385c122 files/digest-glibc-2.5-r1 1286 -RMD160 6302561abceb3a88449dfe74bd6f2e373f00dec3 files/digest-glibc-2.5-r1 1286 -SHA256 c20b8f42085597085e3589fbfd2dc5351f0c63a5492a55f82b59a1481b2a28f3 files/digest-glibc-2.5-r1 1286 +EBUILD glibc-2.5-r1.ebuild 39299 RMD160 c0d85a895e0d6f83e02348af5f54060dfcbc54af SHA1 06079608991c99008091b9d1c824f541bb82ec9a SHA256 a4a0643cfc7cfdc8e3d946e71eb7d4df04d5f585d495ab87794ffdc983a005e5 +MD5 d96ad308c47b08eec3713cc1a7628edd glibc-2.5-r1.ebuild 39299 +RMD160 c0d85a895e0d6f83e02348af5f54060dfcbc54af glibc-2.5-r1.ebuild 39299 +SHA256 a4a0643cfc7cfdc8e3d946e71eb7d4df04d5f585d495ab87794ffdc983a005e5 glibc-2.5-r1.ebuild 39299 +MD5 30fc9163b2a49cb4a083d02feace4918 files/digest-glibc-2.5-r1 1280 +RMD160 74d079011c9a8d9155cd5f51591ca3a04cb9df26 files/digest-glibc-2.5-r1 1280 +SHA256 b0af33330bd44dd7acd6f4aec9039d61b7fe9de005a8cf6edf63ee399cdeaa72 files/digest-glibc-2.5-r1 1280 diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c new file mode 100644 index 0000000..e304440 --- /dev/null +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c 
@@ -0,0 +1,311 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP handler, from which this implementation draws much: + * + * Ned Ludd - + * Alexander Gabert - + * The PaX Team - + * Peter S. 
Mazinger - + * Yoann Vandoorselaere - + * Robert Connolly - + * Cory Visi + * Mike Frysinger + */ + +#include +#include +#include +#include + +#include + +#include +#include +#include + +#include + +#include +/* from sysdeps */ +#include +/* for the stuff in bits/socket.h */ +#include +#include + + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigation && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +#endif + + + +/* Define DO_SOCKET/DO_CONNECT macros to deal with socketcall vs socket/connect */ +#ifdef __NR_socketcall + +# define DO_SOCKET(result,domain,type,protocol) \ + {socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall,2,SOCKOP_socket,socketargs);} + +# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \ + {socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall,2,SOCKOP_connect,socketargs);} + +#else + +# define DO_SOCKET(result,domain,type,protocol) \ + {result = INLINE_SYSCALL(socket,3,domain,type,protocol);} + +# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \ + {result = 
INLINE_SYSCALL(connect,3,sockfd,serv_addr,addrlen);} + +#endif +/* __NR_socketcall */ + + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[]=_PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = ""; +#else +extern char *__progname; +#endif + + +/* Common handler code, used by stack_chk_fail and __stack_smash_handler + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +static inline void +__attribute__ ((__noreturn__ , __always_inline__)) +__hardened_gentoo_stack_chk_fail (char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[]=": stack smashing attack"; + static const char msg_inf[]=" in function "; + static const char msg_ssd[]="*** stack smashing detected ***: "; + static const char msg_terminated[]=" - terminated\n"; + static const char msg_report[]="Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[]=""; +#ifdef SSP_SMASH_DUMPS_CORE + static struct sigaction default_abort_act; +#endif + static int log_socket, connect_result; + static struct sockaddr_un sock; +#ifdef __NR_socketcall + static unsigned long int socketargs[4]; +#endif + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i=0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) + { + sock.sun_path[i]=path_log[i]; + i++; + } + sock.sun_path[i]='\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result=-1; + DO_SOCKET(log_socket,AF_UNIX,SOCK_DGRAM,0); + if (log_socket != -1) + DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock))); + if (connect_result == -1) + { + if (log_socket != -1) + 
INLINE_SYSCALL(close,1,log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket,AF_UNIX,SOCK_STREAM,0); + if (log_socket != -1) + DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock))); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen=0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); + if (connect_result != -1) + INLINE_SYSCALL(write,3,log_socket,message,plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen=0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func!=NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); + if (connect_result != -1) + INLINE_SYSCALL(write,3,log_socket,message,plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); + if (connect_result != -1) + INLINE_SYSCALL(write,3,log_socket,message,plen); + + if (log_socket != -1) + INLINE_SYSCALL(close,1,log_socket); + + /* Suicide */ + pid=INLINE_SYSCALL(getpid,0); +#ifdef SSP_SMASH_DUMPS_CORE + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + 
default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + /* sigaction doesn't exist on amd64; however rt_sigaction seems to + * exist everywhere. rt_sigaction has an extra parameter - the + * size of sigset_t. + */ +# ifdef __NR_sigation + if (INLINE_SYSCALL(sigaction,3,SIGABRT,&default_abort_act,NULL) == 0) +# else + /* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG + if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_KERNEL_NSIG/8) == 0) +# else + if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_NSIG/8) == 0) +# endif +# endif + INLINE_SYSCALL(kill,2,pid,SIGABRT); +#endif + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill,2,pid,SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) INLINE_SYSCALL(exit,0); +} + +void +__attribute__ ((__noreturn__)) + __stack_chk_fail (void) +{ + __hardened_gentoo_stack_chk_fail(NULL,0); +} + +#ifdef ENABLE_OLD_SSP_COMPAT +void +__attribute__ ((__noreturn__)) +__stack_smash_handler(char func[], int damaged) +{ + __hardened_gentoo_stack_chk_fail(func,damaged); +} +#endif + diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch new file mode 100644 index 0000000..253a61b --- /dev/null +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch 
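Review bot: `__NR_sigation` in the `SSP_SMASH_DUMPS_CORE` sanity check, and again in the `# ifdef` ahead of the SIGABRT reset, looks like a misspelling of `__NR_sigaction`, so that macro is never defined and the handler always compiles the `rt_sigaction` branch. Because the comment already says rt_sigaction exists everywhere, the safer fix is to delete the dead branch and check only `# if !defined __NR_rt_sigaction`; merely correcting the spelling would start passing the userspace `struct sigaction` to the legacy syscall, whose expected layout may differ. The fallback `INLINE_SYSCALL(exit,0)` passes no status argument, so the exit code is whatever the argument register happens to hold; giving it one explicit argument would make the status deterministic. Separately, the ebuild hunk later in this commit (cut off in this view) copies `2.5/glibc-2.4-gentoo-stack_chk_fail.c`, whereas this file is added as `2.5/glibc-2.5-gentoo-stack_chk_fail.c`, so the `cp ... || die` would abort hardened builds instead of installing the handler.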
@@ -0,0 +1,29 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn + +--- configure.in ++++ configure.in +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + pic_default=no + fi + rm -f conftest.* diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch new file mode 100644 index 0000000..420e6fd --- /dev/null +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 
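Review bot: The conftest compile in both `configure.in` and `configure` now passes `-fno-PIE` unconditionally, so a compiler that rejects the flag fails the test for an unrelated reason and `pic_default` keeps whatever value it had before, which the check cannot tell apart from "PIC is default". The ebuild applies this patch only under `use hardened`, so this is probably harmless in practice, but the assumption is not written down anywhere. I would add one line to the patch header, for example `Assumes a compiler that accepts -fno-PIE (hardened toolchain only).`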
@@ -0,0 +1,283 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn + +--- csu/libc-start.c.orig 2007-01-21 11:51:06.000000000 +0100 ++++ csu/libc-start.c 2007-01-21 11:55:57.000000000 +0100 +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include ++#include + #ifndef SHARED + # include + extern void __pthread_initialize_minimal (void) +@@ -133,6 +134,14 @@ + # endif + _dl_aux_init (auxvec); + # endif ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. 
*/ ++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP ++ if (__pthread_initialize_minimal) ++# endif ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -142,15 +151,17 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. If there is no thread library and we + handle TLS the function is defined in the libc to initialized the + TLS handling. */ +-# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP ++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP + if (__pthread_initialize_minimal) +-# endif ++# endif + __pthread_initialize_minimal (); ++# endif + #endif + + # ifndef SHARED +--- csu/libc-tls.c.orig 2007-01-21 11:37:02.000000000 +0100 ++++ csu/libc-tls.c 2007-01-21 12:09:33.000000000 +0100 +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + + #ifdef SHARED +@@ -30,6 +31,9 @@ + #endif + + #ifdef USE_TLS ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++# endif + extern ElfW(Phdr) *_dl_phdr; + extern size_t _dl_phnum; + +@@ -142,14 +146,26 @@ + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. 
*/ + # if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++# endif + # elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# endif + tlsblock += TLS_PRE_TCB_SIZE; + # else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c.orig 2007-01-21 11:38:27.000000000 +0100 ++++ misc/sbrk.c 2007-01-21 12:07:29.000000000 +0100 +@@ -18,6 +18,7 @@ + + #include + #include ++#include + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. 
*/ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c.orig 2007-01-21 11:39:16.000000000 +0100 ++++ sysdeps/unix/sysv/linux/i386/brk.c 2007-01-21 11:44:01.000000000 +0100 +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *__unbounded newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, ++ __ptrvalue (addr)); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h.orig 2007-01-21 13:08:00.000000000 +0100 ++++ sysdeps/unix/sysv/linux/i386/sysdep.h 2007-01-21 13:19:10.000000000 +0100 +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) 
\ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" 
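Review bot: `__brk_nosysenter` in the i386 `brk.c` section still calls `__set_errno (ENOMEM)` on failure, although its own comment says it runs while the TLS is being initialised; if errno is thread-local in this build, the failure path would touch the TLS that is not yet set up and fault instead of returning -1. `__sbrk_nosysenter` only tests the return value, so the pre-TLS variant could skip errno: `if (newbrk < addr) return -1; /* no errno: TLS not initialised yet */`. The patch header also names `misc/brk.c` while the hunk actually modifies `sysdeps/unix/sysv/linux/i386/brk.c`, and both new comments spell "when" as "whem".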
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch index 2db9099..280d6e1 100644 --- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch @@ -1,18 +1,23 @@ - Change link commands for glibc executables to build PIEs - Kevin F. Quinn 17 Jan 2007 +Change link commands for glibc executables to build PIEs ---- Makeconfig.orig 2007-01-19 11:45:48.000000000 +0100 -+++ Makeconfig 2007-01-19 11:46:29.000000000 +0100 -@@ -427,7 +427,7 @@ - +link = $(CC) -nostdlib -nostartfiles -o $@ \ +Patch by Kevin F. Quinn + +--- Makeconfig ++++ Makeconfig +@@ -415,10 +415,10 @@ + + # Command for linking programs with the C library. + ifndef +link +-+link = $(CC) -nostdlib -nostartfiles -o $@ \ +++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \ $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ - $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ + $(combreloc-LDFLAGS) $(relro-LDFLAGS) \ - $(addprefix $(csu-objpfx),$(start-installed-name)) \ + $(addprefix $(csu-objpfx),S$(start-installed-name)) \ $(+preinit) $(+prector) \ $(filter-out $(addprefix $(csu-objpfx),start.o \ $(start-installed-name))\ -@@ -439,7 +439,7 @@ +@@ -429,7 +429,7 @@ ifndef +link-static +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ @@ -21,7 +26,7 @@ $(+preinit) $(+prector) \ $(filter-out $(addprefix $(csu-objpfx),start.o \ $(start-installed-name))\ -@@ -537,8 +537,8 @@ +@@ -528,8 +528,8 @@ ifeq ($(elf),yes) +preinit = $(addprefix $(csu-objpfx),crti.o) +postinit = $(addprefix $(csu-objpfx),crtn.o) 
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1 b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1 index 3a8d8d5..5aac065 100644 --- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1 +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/digest-glibc-2.5-r1 @@ -1,6 +1,6 @@ -MD5 44d6ca4466391666849fbc175bdb7c86 glibc-2.5-patches-1.3.2.tar.bz2 182152 -RMD160 af497b417d05c0e8c26174d3db053f3192936ef6 glibc-2.5-patches-1.3.2.tar.bz2 182152 -SHA256 20fa70f908011a5c9c0fade0e4489263550153722938a730669fad93c81865ff glibc-2.5-patches-1.3.2.tar.bz2 182152 +MD5 e52928305eee8be9bfc18201e8e1ce85 glibc-2.5-patches-1.4.tar.bz2 527303 +RMD160 08e219988bfa5aba2eea057f412a615d8531095b glibc-2.5-patches-1.4.tar.bz2 527303 +SHA256 5d0ab0634d4f9dd9016b86fda3ac469e9511267181ed7d9c409a6e9c392bc3e0 glibc-2.5-patches-1.4.tar.bz2 527303 MD5 1fb29764a6a650a4d5b409dda227ac9f glibc-2.5.tar.bz2 15321839 RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 glibc-2.5.tar.bz2 15321839 SHA256 9b2e12bb1eafb55ab2e5a868532b8e6ec39216c66c25b8998d7474bc4d4eb529 glibc-2.5.tar.bz2 15321839 diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild index 6feb1dc..3c4d361 100644 --- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5.ebuild,v 1.38 2007/03/01 02:21:06 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.1 2007/03/13 06:09:44 vapier Exp $ # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries 
@@ -16,7 +16,7 @@ # CHOST = CTARGET - install into / # CHOST != CTARGET - install into /usr/CTARGET/ -KEYWORDS="-* ~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86" +KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86" BRANCH_UPDATE="" @@ -27,7 +27,7 @@ GLIBC_MANPAGE_VERSION="none" GLIBC_INFOPAGE_VERSION="none" # Gentoo patchset -PATCH_VER="1.3.2" +PATCH_VER="1.4" GENTOO_TOOLCHAIN_BASE_URI="mirror://gentoo" GENTOO_TOOLCHAIN_DEV_URI="http://dev.gentoo.org/~azarah/glibc/XXX http://dev.gentoo.org/~vapier/dist/XXX" 
@@ -218,33 +218,32 @@ toolchain-glibc_src_unpack() { echo "Gentoo patchset ${PATCH_VER}" > csu/Banner fi - if use hardened; then + if use hardened ; then + cd "${S}" einfo "Patching to get working PIE binaries on PIE (hardened) platforms" - # This patch forces all links to use the PIC crtfiles, to build PIEs. - epatch ${FILESDIR}/2.5/glibc-2.5-hardened-pie.patch - # This patch fixes the PIC detector to ignore PIE - epatch ${FILESDIR}/2.4/glibc-2.4-hardened-configure-picdefault.patch - # This patch ensures PIC code is used for syscalls always, and - # re-orders initialisation so that the TLS is initialised before - # it is used, and that the TLS initialisation uses non-sysenter - # variants of syscalls. - epatch ${FILESDIR}/2.4/glibc-2.4-hardened-inittls-nosysenter.patch + epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch + epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-inittls-nosysenter.patch einfo "Installing Hardened Gentoo SSP handler" - cp -f ${FILESDIR}/2.4/glibc-2.4-gentoo-stack_chk_fail.c \ - ${S}/debug/stack_chk_fail.c + cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die - if use debug; then + if use debug ; then # When using Hardened Gentoo stack handler, have smashes dump core for - # analysis - debug only, as core could be an information leak. - sed -i -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - ${S}/debug/Makefile || - die "Failed to modify debug/Makefile for debug stack handler" + # analysis - debug only, as core could be an information leak + # (paranoia). 
+ sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" fi # Build nscd with ssp-all - sed -i -e 's:-fstack-protector$:-fstack-protector-all:' ${S}/nscd/Makefile || - die "Failed to ensure nscd builds with ssp-all" + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" # Fixup use of PIC to choose PIC variants when built -fPIE. # Prepends all files that have "#ifdef PIC" or similar, with @@ -456,11 +455,11 @@ toolchain-glibc_src_install() { case $(tc-arch) in amd64) [[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR amd64) /lib - dosym /$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2 + dosym ../$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2 ;; ppc64) [[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR ppc64) /lib - dosym /$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1 + dosym ../$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1 ;; esac fi @@ -861,7 +860,7 @@ glibc_do_configure() { use nls || myconf="${myconf} --disable-nls" myconf="${myconf} $(use_enable hardened stackguard-randomization)" - if [[ $(<"${S}"/.ssp.compat) == "yes" ]] ; then + if [[ $(<"${T}"/.ssp.compat) == "yes" ]] ; then myconf="${myconf} --enable-old-ssp-compat" else myconf="${myconf} --disable-old-ssp-compat" @@ -1061,7 +1060,7 @@ if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then fi fi else - DEPEND="${DEPEND} sys-libs/timezone-data" + DEPEND="${DEPEND} >=sys-libs/timezone-data-2007c" RDEPEND="${RDEPEND} sys-libs/timezone-data" fi 
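Review bot: The new `cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c` line combines the 2.5 directory with the 2.4 file name, while this commit's file list creates `files/2.5/glibc-2.5-gentoo-stack_chk_fail.c` and the Manifest drops the 2.4 AUX entry, so on the visible evidence the source path does not exist. Because of the added `|| die`, a hardened build would stop here instead of silently building with the stock stack_chk_fail.c, which is the right failure mode, but the line should read `cp -f "${FILESDIR}"/2.5/glibc-2.5-gentoo-stack_chk_fail.c \`. The bare `|| die` would be easier to diagnose with a message, e.g. `|| die "Failed to install Hardened Gentoo SSP handler"`, matching the two `sed` calls below it. toolchain-glibc_src_unpack starts and ends outside this hunk.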
@@ -1114,7 +1113,7 @@ src_unpack() { # For now, we force everyone to have the extra symbols # einfon "Scanning system for __guard to see if we need SSP compat ... " # if [[ -n $(scanelf -qyls__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then - echo "yes" > "${S}"/.ssp.compat + echo "yes" > "${T}"/.ssp.compat # else # # ok, a quick scan didnt find it, so lets do a deep scan ... # if [[ -n $(scanelf -qyRlps__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then @@ -1134,14 +1133,6 @@ src_unpack() { sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh" fi - # Some configure checks fail on the first emerge through because they - # try to link. This doesn't work well if we don't have a libc yet. - # http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html - if is_crosscompile && use build; then - rm "${S}"/sysdeps/sparc/sparc64/elf/configure{,.in} - rm "${S}"/nptl/sysdeps/pthread/configure{,.in} - fi - cd "${WORKDIR}" find . -type f '(' -size 0 -o -name "*.orig" ')' -exec rm -f {} \; find . -name configure -exec touch {} \; -- cgit v1.2.3-65-gdbad