diff options
author | Benda Xu <heroxbd@gentoo.org> | 2014-11-25 00:36:13 +0900 |
---|---|---|
committer | Benda Xu <heroxbd@gentoo.org> | 2014-11-25 00:41:45 +0900 |
commit | dfa928e8f09cb249faba9ebc431a953ad4065a7a (patch) | |
tree | 5c0787a998a9fb085f2a3d78a9677b2b22184b64 /sys-libs/glibc/files | |
parent | sys-libs/glibc: import eblits from gx86 (diff) | |
download | heroxbd-dfa928e8f09cb249faba9ebc431a953ad4065a7a.tar.gz heroxbd-dfa928e8f09cb249faba9ebc431a953ad4065a7a.tar.bz2 heroxbd-dfa928e8f09cb249faba9ebc431a953ad4065a7a.zip |
sys-libs/glibc version bump for RAP
Diffstat (limited to 'sys-libs/glibc/files')
10 files changed, 717 insertions, 39 deletions
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c new file mode 100644 index 0000000..a8ab9d8 --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c @@ -0,0 +1,299 @@ +/* Copyright (C) 2004-2014 Free Software Foundation, Inc. + Copyright (C) 2006-2014 Gentoo Foundation Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Hardened Gentoo SSP and FORTIFY handler + + A failure handler that does not use functions from the rest of glibc; + it uses the INTERNAL_SYSCALL methods directly. This helps ensure no + possibility of recursion into the handler. + + Direct all bug reports to http://bugs.gentoo.org/ + + People who have contributed significantly to the evolution of this file: + Ned Ludd - <solar[@]gentoo.org> + Alexander Gabert - <pappy[@]gentoo.org> + The PaX Team - <pageexec[@]freemail.hu> + Peter S. Mazinger - <ps.m[@]gmx.net> + Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + Robert Connolly - <robert[@]linuxfromscratch.org> + Cory Visi <cory[@]visi.name> + Mike Frysinger <vapier[@]gentoo.org> + Magnus Granberg <zorry[@]gentoo.org> + Kevin F. Quinn - <kevquinn[@]gentoo.org> + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static const char *__progname = "<ldso>"; +#else +extern const char *__progname; +#endif + +#ifdef GENTOO_SSP_HANDLER +# define ERROR_MSG "stack smashing" +#else +# define ERROR_MSG "buffer overflow" +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__, __always_inline__)) +static inline void +__hardened_gentoo_fail(void) +{ +#define MESSAGE_BUFSIZ 512 + static pid_t pid; + static int plen, i, hlen; + static char message[MESSAGE_BUFSIZ]; + /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */ + static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: "; + static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: "; + static const char msg_terminated[] = " terminated; "; + static const char msg_report[] = "report to " REPORT_BUGS_TO "\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address */ + sock.sun_family = AF_UNIX; + i = 0; + while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) { + sock.sun_path[i] = path_log[i]; + ++i; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + ({ \ + i = 0; \ + while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \ + message[plen + i] = str[i]; \ + ++i; \ + } \ + plen += i; \ + }) + + /* Tersely log the failure */ + plen = 0; + strconcat(msg_header); + hlen = plen; + strconcat(msg_ssd); + if (__progname != NULL) + strconcat(__progname); + else + strconcat(msg_unknown); + strconcat(msg_terminated); + strconcat(msg_report); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen); + if (connect_result != -1) { + INLINE_SYSCALL(write, 3, log_socket, message, plen); + INLINE_SYSCALL(close, 1, log_socket); + } + + /* Time to kill self since we have no idea what is going on */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + /* Remove any user-supplied handler for SIGABRT, before using it. */ +#if 0 + /* + * Note: Disabled because some programs catch & process their + * own crashes. We've already enabled this code path which + * means we want to let core dumps happen. + */ + static struct sigaction default_abort_act; + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) +#endif + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* SIGKILL is only signal which cannot be caught */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway. + * The loop prevents gcc thinking this routine returns. + */ + while (1) + INLINE_SYSCALL(exit, 1, 137); +} + +__attribute__ ((__noreturn__)) +#ifdef GENTOO_SSP_HANDLER +void __stack_chk_fail(void) +#else +void __chk_fail(void) +#endif +{ + __hardened_gentoo_fail(); +} diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c new file mode 100644 index 0000000..4a537bb --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c @@ -0,0 +1,2 @@ +#define GENTOO_SSP_HANDLER +#include <debug/chk_fail.c> diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch new file mode 100644 index 0000000..35eabe9 --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch @@ -0,0 +1,306 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_PRE_TLS is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> +Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org> +Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org> + +--- a/csu/libc-start.c ++++ b/csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char + } + } + ++# ifdef INTERNAL_SYSCALL_PRE_TLS ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_PRE_TLS + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- a/csu/libc-tls.c ++++ b/csu/libc-tls.c +@@ -22,12 +22,17 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif ++ + dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; + + +@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# define __sbrk __sbrk_nosysenter ++#endif + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV + is defined add another #elif here and in the following #ifs. */ + # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" + #endif ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# undef __sbrk ++#endif + + /* Align the TLS block. */ + tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) +--- a/misc/sbrk.c ++++ b/misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used via ++ dynamic loading in a statically linked program update __curbrk from the ++ kernel's brk value. That way two separate instances of __brk and __sbrk ++ can share the heap, returning interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif ++ + void * + __sbrk (intptr_t increment) + { +--- a/sysdeps/unix/sysv/linux/i386/brk.c ++++ b/sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif ++ + int + __brk (void *addr) + { +--- a/sysdeps/unix/sysv/linux/i386/sysdep.h ++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +494,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" +--- a/sysdeps/i386/nptl/tls.h ++++ b/sysdeps/i386/nptl/tls.h +@@ -189,6 +189,15 @@ + desc->vals[3] = 0x51; + } + ++/* We have no sysenter until the tls is initialized which is a ++ problem for PIC. Thus we need to do the right call depending ++ on the situation. */ ++#ifndef INTERNAL_SYSCALL_PRE_TLS ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL ++#else ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS ++#endif ++ + /* Code to initially initialize the thread pointer. This might need + special attention since 'errno' is not yet available and if the + operation can cause a failure 'errno' must not be touched. */ +@@ -209,7 +218,7 @@ + \ + /* Install the TLS. */ \ + INTERNAL_SYSCALL_DECL (err); \ +- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ ++ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ + \ + if (_result == 0) \ + /* We know the index in the GDT, now load the segment register. \ diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-shadow-prefix.patch b/sys-libs/glibc/files/2.20/glibc-2.20-shadow-prefix.patch new file mode 100644 index 0000000..e85848f --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-shadow-prefix.patch @@ -0,0 +1,24 @@ +Index: shadow/Makefile +=================================================================== +--- shadow/Makefile.orig ++++ shadow/Makefile +@@ -36,5 +36,6 @@ CFLAGS-fgetspent_r.c = -fexceptions $(li + CFLAGS-putspent.c = -fexceptions $(libio-mtsafe) + CFLAGS-getspnam.c = -fexceptions + CFLAGS-getspnam_r.c = -fexceptions ++CPPFLAGS-lckpwdf.c = -DSYSCONFDIR='"$(sysconfdir)"' + + include ../Rules +Index: shadow/lckpwdf.c +=================================================================== +--- shadow/lckpwdf.c.orig ++++ shadow/lckpwdf.c +@@ -29,7 +29,7 @@ + + + /* Name of the lock file. */ +-#define PWD_LOCKFILE "/etc/.pwd.lock" ++#define PWD_LOCKFILE SYSCONFDIR "/.pwd.lock" + + /* How long to wait for getting the lock before returning with an + error. */ diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch b/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch new file mode 100644 index 0000000..2b2de6b --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch @@ -0,0 +1,20 @@ +disable vdso loading in ELF handler unconditionally for some buggy kernel +like that shipped with RHEL(likely CentOS and SL) 5.6 + + https://bugzilla.redhat.com/show_bug.cgi?id=673616 + +Benda Xu <heroxbd@gentoo.org> (24 Nov, 2014) + +Index: work/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h +=================================================================== +--- work.orig/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h ++++ work/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h +@@ -23,7 +23,7 @@ + machines, we should look at it for unwind information even if + we aren't making direct use of it. So enable this across the board. */ + +-#define NEED_DL_SYSINFO_DSO 1 ++#define NEED_DL_SYSINFO_DSO 0 + + + #ifndef __ASSEMBLER__ diff --git a/sys-libs/glibc/files/eblits/common.eblit b/sys-libs/glibc/files/eblits/common.eblit index 2f7471e..6dd5d29 100644 --- a/sys-libs/glibc/files/eblits/common.eblit +++ b/sys-libs/glibc/files/eblits/common.eblit @@ -2,8 +2,35 @@ # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/common.eblit,v 1.45 2014/10/18 23:09:51 vapier Exp $ +# There are many directory offsets here that can lead to confusion. We summarize the senarios in this table +# P:=Prefix X:=Cross-Triplet +# example of configure host: --with-headers +# example of configure target: --libdir +# +# variation phase PX X P solution +# -----------+-------------------+-----------------------+---------------+---------+---------------------------------------- +# host configure EPREFIX/usr/CTARGET/TPREFIX /usr/CTARGET TPREFIX $(alt_prefix) +# target configure TPREFIX NULL TPREFIX $TPREFIX +# -----------+-------------------+-----------------------+---------------+---------+---------------------------------------- +# host install_root D/EPREFIX/usr/CTARGET D/usr/CTARGET D ${D}/$(alt_prefix no-tp) +# -----------+-------------------+-----------------------+---------------+---------+---------------------------------------- +# host ebuild helper ED/ /usr/CTARGET/TPREFIX /usr/CTARGET NULL $(alt_prefix no-ep) +# host file D/EPREFIX/usr/CTARGET/TPREFIX D/usr/CTARGET D/TPREFIX $(alt_prefix) +# +# alt_prefix and TPREFIX in the table are defined as followed + +: ${TPREFIX:=${EPREFIX}} + alt_prefix() { - is_crosscompile && echo /usr/${CTARGET} + # EPREFIX needs to be stripped before passing to portage helpers + local prefix tprefix + if is_crosscompile; then + prefix=$([[ $1 == no-ep ]] || echo ${EPREFIX})/usr/${CTARGET} + [[ $1 == no-tp ]] || tprefix=${TPREFIX} + else + [[ $1 == no-tp ]] || [[ $1 == no-ep ]] || tprefix=${TPREFIX} + fi + echo ${prefix}${tprefix} } if [[ ${EAPI:-0} == [012] ]] ; then @@ -23,7 +50,7 @@ fi # the whole system. # note: intentionally undocumented. alt_headers() { - echo ${ALT_HEADERS:=$(alt_prefix)/usr/include} + echo ${ALT_HEADERS:=$(alt_prefix $@)/usr/include} } alt_build_headers() { if [[ -z ${ALT_BUILD_HEADERS} ]] ; then @@ -40,10 +67,10 @@ alt_build_headers() { } alt_libdir() { - echo $(alt_prefix)/$(get_libdir) + echo $(alt_prefix $@)/$(get_libdir) } alt_usrlibdir() { - echo $(alt_prefix)/usr/$(get_libdir) + echo $(alt_prefix $@)/usr/$(get_libdir) } builddir() { @@ -281,8 +308,8 @@ setup_env() { unset LD_RUN_PATH unset LD_ASSUME_KERNEL - multilib_env ${CTARGET_OPT:-${CTARGET}} if is_crosscompile || tc-is-cross-compiler ; then + multilib_env ${CTARGET_OPT:-${CTARGET}} if ! use multilib ; then MULTILIB_ABIS=${DEFAULT_ABI} else diff --git a/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sys-libs/glibc/files/eblits/pkg_postinst.eblit index 9e5447d..10bed71 100644 --- a/sys-libs/glibc/files/eblits/pkg_postinst.eblit +++ b/sys-libs/glibc/files/eblits/pkg_postinst.eblit @@ -6,9 +6,9 @@ eblit-glibc-pkg_postinst() { # nothing to do if just installing headers just_headers && return - if ! tc-is-cross-compiler && [[ -x ${ROOT}/usr/sbin/iconvconfig ]] ; then + if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then # Generate fastloading iconv module configuration file. - "${ROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" + "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" fi if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then @@ -17,10 +17,10 @@ eblit-glibc-pkg_postinst() { /sbin/telinit U 2>/dev/null # if the host locales.gen contains no entries, we'll install everything - local locale_list="${ROOT}etc/locale.gen" + local locale_list="${EROOT}etc/locale.gen" if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then ewarn "Generating all locales; edit /etc/locale.gen to save time/space" - locale_list="${ROOT}usr/share/i18n/SUPPORTED" + locale_list="${EROOT}usr/share/i18n/SUPPORTED" fi locale-gen -j $(makeopts_jobs) --config "${locale_list}" fi diff --git a/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sys-libs/glibc/files/eblits/pkg_preinst.eblit index 0fcb24a..f932b37 100644 --- a/sys-libs/glibc/files/eblits/pkg_preinst.eblit +++ b/sys-libs/glibc/files/eblits/pkg_preinst.eblit @@ -18,7 +18,7 @@ glibc_sanity_check() { # lead to unsafe code execution if the generated prefix is # within a world-writable directory. # (e.g. /var/tmp/portage:${HOSTNAME}) - pushd "${ED}"/$(get_libdir) >/dev/null + pushd "${D}"/$(get_libdir) >/dev/null local x striptest for x in cal date env free ls true uname uptime ; do diff --git a/sys-libs/glibc/files/eblits/src_configure.eblit b/sys-libs/glibc/files/eblits/src_configure.eblit index e0fc185..4c1e305 100644 --- a/sys-libs/glibc/files/eblits/src_configure.eblit +++ b/sys-libs/glibc/files/eblits/src_configure.eblit @@ -106,12 +106,12 @@ glibc_do_configure() { --host=${CTARGET_OPT:-${CTARGET}} $(use_enable profile) $(use_with gd) - --with-headers=$(alt_build_headers) - --prefix=/usr - --libdir=/usr/$(get_libdir) - --mandir=/usr/share/man - --infodir=/usr/share/info - --libexecdir=/usr/$(get_libdir)/misc/glibc + --with-headers="$(alt_build_headers)" + --prefix="${TPREFIX}"/usr + --libdir="${TPREFIX}"/usr/$(get_libdir) + --mandir="${TPREFIX}"/usr/share/man + --infodir="${TPREFIX}"/usr/share/info + --libexecdir="${TPREFIX}"/usr/$(get_libdir)/misc/glibc --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion="$(glibc_banner)" $(use_multiarch || echo --disable-multi-arch) @@ -123,7 +123,7 @@ glibc_do_configure() { # There is no configure option for this and we need to export it # since the glibc build will re-run configure on itself - export libc_cv_slibdir=/$(get_libdir) + export libc_cv_slibdir=${TPREFIX}/$(get_libdir) # We take care of patching our binutils to use both hash styles, # and many people like to force gnu hash style only, so disable @@ -219,8 +219,8 @@ toolchain-glibc_headers_configure() { --enable-bind-now --build=${CBUILD_OPT:-${CBUILD}} --host=${CTARGET_OPT:-${CTARGET}} - --with-headers=$(alt_build_headers) - --prefix=/usr + --with-headers="$(alt_build_headers)" + --prefix="${TPREFIX}"/usr ${EXTRA_ECONF} ) diff --git a/sys-libs/glibc/files/eblits/src_install.eblit b/sys-libs/glibc/files/eblits/src_install.eblit index 8030d93..8df531d 100644 --- a/sys-libs/glibc/files/eblits/src_install.eblit +++ b/sys-libs/glibc/files/eblits/src_install.eblit @@ -6,12 +6,12 @@ toolchain-glibc_src_install() { local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl)) cd "${builddir}" - emake install_root="${D}$(alt_prefix)" install || die + emake install_root="${D}$(alt_prefix no-tp)" install || die if want_linuxthreads && want_nptl ; then einfo "Installing NPTL to $(alt_libdir)/tls/..." cd "$(builddir nptl)" - dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl + dodir $(alt_libdir no-ep)/tls $(alt_usrlibdir no-ep)/nptl local l src_lib for l in libc libm librt libpthread libthread_db ; do @@ -22,33 +22,33 @@ toolchain-glibc_src_install() { else src_lib=$(eval echo */${l}) fi - cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}" - fperms a+rx $(alt_libdir)/tls/${l} - dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib}) + cp -a ${src_lib} "${D}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}" + fperms a+rx $(alt_libdir no-ep)/tls/${l} + dosym ${l} $(alt_libdir no-ep)/tls/$(scanelf -qSF'%S#F' ${src_lib}) # then grab the linker script or the symlink ... - if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then - dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l} + if [[ -L ${D}$(alt_usrlibdir)/${l} ]] ; then + dosym $(alt_libdir no-ep)/tls/${l} $(alt_usrlibdir no-ep)/nptl/${l} else sed \ -e "s:/${l}:/tls/${l}:g" \ -e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \ - "${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l} + "${D}"$(alt_usrlibdir)/${l} > "${D}"$(alt_usrlibdir)/nptl/${l} fi # then grab the static lib ... src_lib=${src_lib/%.so/.a} [[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a} - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" + cp -a ${src_lib} "${D}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" src_lib=${src_lib/%.a/_nonshared.a} if [[ -e ${src_lib} ]] ; then - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" + cp -a ${src_lib} "${D}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" fi done # use the nptl linker instead of the linuxthreads one as the linuxthreads # one may lack TLS support and that can be really bad for business - cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp" + cp -a elf/ld.so "${D}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp" fi # We'll take care of the cache ourselves @@ -94,14 +94,14 @@ toolchain-glibc_src_install() { ) ;; esac - if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then - dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib + if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${D}/$(alt_prefix)/lib ]] ; then + dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix no-tp)/lib fi for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do ldso_abi=${ldso_abi_list[i]} has ${ldso_abi} $(get_install_abis) || continue - ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" + ldso_name="$(alt_prefix no-ep)${ldso_abi_list[i+1]}" if [[ ! -L ${D}/${ldso_name} && ! -e ${D}/${ldso_name} ]] ; then dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} fi @@ -124,12 +124,12 @@ toolchain-glibc_src_install() { # gcc likes to use relative paths to get to its multilibs like # /usr/lib/../lib64/. So while we don't install any files into # /usr/lib/, we do need it to exist. - cd "${ED}"$(alt_libdir)/.. + cd "${D}"$(alt_libdir)/.. [[ -e lib ]] || mkdir lib - cd "${ED}"$(alt_usrlibdir)/.. + cd "${D}"$(alt_usrlibdir)/.. [[ -e lib ]] || mkdir lib - dosym usr/include $(alt_prefix)/sys-include + dosym usr/include $(alt_prefix no-ep)/sys-include return 0 fi @@ -202,12 +202,12 @@ toolchain-glibc_src_install() { toolchain-glibc_headers_install() { local builddir=$(builddir "headers") cd "${builddir}" - emake install_root="${D}$(alt_prefix)" install-headers || die + emake install_root="${D}$(alt_prefix no-tp)" install-headers || die if ! version_is_at_least 2.16 ; then - insinto $(alt_headers)/bits + insinto $(alt_headers no-ep)/bits doins bits/stdio_lim.h || die fi - insinto $(alt_headers)/gnu + insinto $(alt_headers no-ep)/gnu doins "${S}"/include/gnu/stubs.h || die "doins include gnu" # Make sure we install the sys-include symlink so that when # we build a 2nd stage cross-compiler, gcc finds the target |