diff options
author | Benda Xu <heroxbd@gentoo.org> | 2019-08-25 21:26:27 +0800 |
---|---|---|
committer | Benda Xu <heroxbd@gentoo.org> | 2019-08-25 21:26:58 +0800 |
commit | 19ab6715d42b41ddcb51a3395016e090f03943e9 (patch) | |
tree | bb36a3b251e2c624ca7ccbf0083600676c8f11ec | |
parent | dev-qt/qtimageformats: Drop 5.12.4 (r0) (diff) | |
download | gentoo-19ab6715d42b41ddcb51a3395016e090f03943e9.tar.gz gentoo-19ab6715d42b41ddcb51a3395016e090f03943e9.tar.bz2 gentoo-19ab6715d42b41ddcb51a3395016e090f03943e9.zip |
sys-libs/glibc: add kernel 2.6.16 compatibility patch.
This is only for Prefix on deprecated systems. On thoses
systems, vulnerable kernels are usually used.
Hardened no longer makes sense, remove.
Remove versionator, as it is not used.
Package-Manager: Portage-2.3.73, Repoman-2.3.17
Signed-off-by: Benda Xu <heroxbd@gentoo.org>
4 files changed, 89 insertions, 98 deletions
diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch deleted file mode 100644 index 341d8c5028e1..000000000000 --- a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn <kevquinn@gentoo.org> -Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu> - ---- configure.ac -+++ configure.ac -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch deleted file mode 100644 index 72a616a046a8..000000000000 --- a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch +++ /dev/null @@ -1,32 +0,0 @@ -https://bugs.gentoo.org/503838 -http://gcc.gnu.org/PR60465 -https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html -https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html - -newer versions of gcc generate relocations in the elf_get_dynamic_info func -which glibc relies on to populate some info structs. those structs are then -used by ldso to process relocations in itself. glibc requires that there are -no relocations until that point (*after* elf_get_dynamic_info), so we end up -crashing during elf_get_dynamic_info because the relocation has not yet been -processed. - -this hack shuffles the code in a way that tricks gcc into not generating the -relocation. we need to figure out something better for upstream. - ---- a/elf/get-dynamic-info.h -+++ b/elf/get-dynamic-info.h -@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp) - info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM - + DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn; - else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM) -- info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM -- + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn; -+ { -+ d_tag_utype i = -+ DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM -+ + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM; -+ info[i] = dyn; -+ } - ++dyn; - } - diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch new file mode 100644 index 000000000000..bf75f80cb7cc --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch @@ -0,0 +1,85 @@ +Remove newer symbols that does not work on linux-2.6.16. + +This is only for Prefix standalone. + +Index: glibc-2.19/io/sys/stat.h +=================================================================== +--- glibc-2.19.orig/io/sys/stat.h ++++ glibc-2.19/io/sys/stat.h +@@ -361,10 +361,6 @@ extern int mkfifoat (int __fd, const cha + #ifdef __USE_ATFILE + /* Set file access and modification times relative to directory file + descriptor. */ +-extern int utimensat (int __fd, const char *__path, +- const struct timespec __times[2], +- int __flags) +- __THROW __nonnull ((2)); + #endif + + #ifdef __USE_XOPEN2K8 +Index: glibc-2.19/posix/unistd.h +=================================================================== +--- glibc-2.19.orig/posix/unistd.h ++++ glibc-2.19/posix/unistd.h +@@ -419,7 +419,6 @@ extern int pipe (int __pipedes[2]) __THR + #ifdef __USE_GNU + /* Same as pipe but apply flags passed in FLAGS to the new file + descriptors. */ +-extern int pipe2 (int __pipedes[2], int __flags) __THROW __wur; + #endif + + /* Schedule an alarm. In SECONDS seconds, the process will get a SIGALRM. +Index: glibc-2.19/sysdeps/unix/sysv/linux/x86/bits/epoll.h +=================================================================== +--- glibc-2.19.orig/sysdeps/unix/sysv/linux/x86/bits/epoll.h ++++ glibc-2.19/sysdeps/unix/sysv/linux/x86/bits/epoll.h +@@ -19,11 +19,5 @@ + # error "Never use <bits/epoll.h> directly; include <sys/epoll.h> instead." + #endif + +-/* Flags to be passed to epoll_create1. */ +-enum +- { +- EPOLL_CLOEXEC = 02000000 +-#define EPOLL_CLOEXEC EPOLL_CLOEXEC +- }; + + #define __EPOLL_PACKED __attribute__ ((__packed__)) +Index: glibc-2.19/sysdeps/unix/sysv/linux/bits/fcntl-linux.h +=================================================================== +--- glibc-2.19.orig/sysdeps/unix/sysv/linux/bits/fcntl-linux.h ++++ glibc-2.19/sysdeps/unix/sysv/linux/bits/fcntl-linux.h +@@ -187,8 +187,6 @@ + # define F_GETPIPE_SZ 1032 /* Set pipe page size array. */ + #endif + #ifdef __USE_XOPEN2K8 +-# define F_DUPFD_CLOEXEC 1030 /* Duplicate file descriptor with +- close-on-exit set. */ + #endif + + /* For F_[GET|SET]FD. */ +Index: glibc-2.19/sysdeps/unix/sysv/linux/sys/epoll.h +=================================================================== +--- glibc-2.19.orig/sysdeps/unix/sysv/linux/sys/epoll.h ++++ glibc-2.19/sysdeps/unix/sysv/linux/sys/epoll.h +@@ -101,7 +101,6 @@ extern int epoll_create (int __size) __T + + /* Same as epoll_create but with an FLAGS parameter. The unused SIZE + parameter has been dropped. */ +-extern int epoll_create1 (int __flags) __THROW; + + + /* Manipulate an epoll instance "epfd". Returns 0 in case of success, +Index: glibc-2.19/time/sys/time.h +=================================================================== +--- glibc-2.19.orig/time/sys/time.h ++++ glibc-2.19/time/sys/time.h +@@ -140,8 +140,6 @@ extern int utimes (const char *__file, c + + #ifdef __USE_BSD + /* Same as `utimes', but does not follow symbolic links. */ +-extern int lutimes (const char *__file, const struct timeval __tvp[2]) +- __THROW __nonnull ((1)); + + /* Same as `utimes', but takes an open file descriptor instead of a name. */ + extern int futimes (int __fd, const struct timeval __tvp[2]) __THROW; diff --git a/sys-libs/glibc/glibc-2.19-r2.ebuild b/sys-libs/glibc/glibc-2.19-r2.ebuild index 58038d81dd61..a0b75a595e97 100644 --- a/sys-libs/glibc/glibc-2.19-r2.ebuild +++ b/sys-libs/glibc/glibc-2.19-r2.ebuild @@ -3,7 +3,7 @@ EAPI=6 -inherit prefix eutils versionator toolchain-funcs flag-o-matic gnuconfig usr-ldscript \ +inherit prefix eutils toolchain-funcs flag-o-matic gnuconfig usr-ldscript \ multilib systemd multiprocessing DESCRIPTION="GNU libc C library" @@ -32,7 +32,7 @@ PATCH_VER=9 SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.bz2" SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 )" -IUSE="audit caps compile-locales debug doc gd hardened headers-only multilib nscd profile selinux suid systemtap vanilla" +IUSE="audit caps compile-locales debug doc gd headers-only multilib nscd profile selinux suid systemtap vanilla" # Minimum kernel version that glibc requires # hppa requires 2.6.20 @@ -368,21 +368,6 @@ setup_flags() { filter-flags '-fstack-protector*' append-flags '-fno-stack-protector' - - # Starting with gcc-6 (and fully upstreamed pie patches) we control - # default enabled/disabled pie via use flags. So nothing to do - # here then. #618160 - if [[ $(gcc-major-version) -lt 6 ]]; then - if use hardened && tc-enables-pie ; then - # Force PIC macro definition for all compilations since they're all - # either -fPIC or -fPIE with the default-PIE compiler. - append-cppflags -DPIC - else - # Don't build -fPIE without the default-PIE compiler and the - # hardened-pie patch - filter-flags -fPIE - fi - fi } want_tls() { @@ -757,6 +742,8 @@ src_prepare() { gnuconfig_update + eapply "${FILESDIR}"/2.19/glibc-2.19-kernel-2.6.16-compat.patch + cd "${WORKDIR}" find . -name configure -exec touch {} + @@ -764,25 +751,6 @@ src_prepare() { # Fix permissions on some of the scripts. chmod u+x "${S}"/scripts/*.sh - - cd "${S}" - - if use hardened ; then - # We don't enable these for non-hardened as the output is very terse -- - # it only states that a crash happened. The default upstream behavior - # includes backtraces and symbols. - einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" - cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die - cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die - - if use debug ; then - # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. - sed -i \ - -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - debug/Makefile || die - fi - fi } glibc_do_configure() { |