summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergei Trofimovich <slyfox@gentoo.org>2017-08-17 22:11:12 +0100
committerSergei Trofimovich <slyfox@gentoo.org>2017-08-17 22:13:19 +0100
commit457d3ddf64abb388ad418793d5b0a9f5dfd80ee8 (patch)
tree457df76e0cd2526d4844378857abcb7ed733959a /sys-libs
parentapp-crypt/rhash: Version bump to 1.3.5, fixes bug #617548 (diff)
downloadgentoo-457d3ddf64abb388ad418793d5b0a9f5dfd80ee8.tar.gz
gentoo-457d3ddf64abb388ad418793d5b0a9f5dfd80ee8.tar.bz2
gentoo-457d3ddf64abb388ad418793d5b0a9f5dfd80ee8.zip
sys-libs/glibc: backport memchr() out-of-bounds fix to 2.25, bug #628100
Backport of upstream patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=ccb4fd7a657b0fbc4890c98f4586d58a135fc583 Reported-by: Aidan Thornton Bug: https://bugs.gentoo.org/628100 Package-Manager: Portage-2.3.7, Repoman-2.3.3
Diffstat (limited to 'sys-libs')
-rw-r--r--sys-libs/glibc/Manifest1
-rw-r--r--sys-libs/glibc/glibc-2.25-r4.ebuild150
2 files changed, 151 insertions, 0 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
index 1373cb56892c..9a8836e41424 100644
--- a/sys-libs/glibc/Manifest
+++ b/sys-libs/glibc/Manifest
@@ -19,5 +19,6 @@ DIST glibc-2.24-patches-8.tar.bz2 71769 SHA256 0a21549ed196c5c03efc37273fb991e19
DIST glibc-2.24.tar.xz 13554048 SHA256 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3 SHA512 a4cb28a2c51a0cc029ed69da7cba11931a615ba897235590b4f7fad2eaabec9042f8250eaac2a5860997437a69ab13304f10a634000e52c0336b5593b7969adb WHIRLPOOL be82b47fc73f7e780e8e73a5f58b313d8e861d5ea8c4320f95ef0d8c1e125ff011d61dcfc0380be0e83868bd8c3299de1ea662da7fc8d709050e89b2c126e3eb
DIST glibc-2.25-patches-5.tar.bz2 44356 SHA256 d9ea3908c8c4d561d22697d9830b4032cbbba46822613d5a3509d3b7e579c016 SHA512 ad3acf760e6cd714fe5d6833b53d8759e09c74ca60fbfd173e87dbb2d1062a5006427ca17db0b6ce695dae03e2ace7dc30992ae9b08e94ae4350b19ea03acdcc WHIRLPOOL 1fa660852f9e42fda956b4924351a532efdca88691cb2855c458e8bb9af1fc3cbdf2eb9c8ce93a7c57fa2d6a7e20b1c1a5c17d29b0d07f8e44e0ed8fdb7db8bc
DIST glibc-2.25-patches-7.tar.bz2 46222 SHA256 af1a3c13409599486d58c531d04d794698b1ac04cc883dbdb0d29af7b44d7ca5 SHA512 21637f3b1a20cef55ce52311bc7b4d60d93b6f04a8d45944ccb9286fc330e262c6f37f729b7f5a5daec588821e8ae330f89cb7f7e84463b4e533aa80f408e415 WHIRLPOOL bc48fa53ddd264559378e8075c42bd38fd49015ac76834aaed7e0ec338dbbba1f4fdc1d2aaea6d53d72bbbaef99920cad489188b95cd0ec06b02ce5def110c11
+DIST glibc-2.25-patches-8.tar.bz2 47110 SHA256 1dc41664153369886d240a1851b15bf0c3c3739c8319e6d68cb0c2f85fc98901 SHA512 41d772c47770a63502c863f3c9bb05164e0ceab69fb7b7f355c25685ae4285d73e9ab0e3836162bd11852339055329d0bdc7238f3191fde39a50ce0d9a60454c WHIRLPOOL c6e0443d75e2e4607226caa4df1ce2b10ef21ec2564b447e2a287888d1f593d51f334a6e1ab942f5d1602d02c6fee87ce4ef9a7db3409de6063bc377a470a42d
DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953
DIST glibc-9999-patches-3.tar.bz2 19892 SHA256 97f60ed6debd495610b123d7a27227e75942bea1a0fb1e5f78833a6f3bbe6c64 SHA512 75084b86a83d447d3a4b3959fa2a93d849e304ba9473ebec5570ca4fb5e2f8dfb38548faf3abc9fbd29b529f2c608b52eb2ef2e6e9a2ad5bea9a9298a19ef596 WHIRLPOOL 04a5c30aabf72530fa96fa3a8eadf8207d85d3a2a948ba5f4b72c0deeeae24e7eb71b99875f0e9b1018051fabb4a23630b41873fa4ff0d6ba9778ca6051212bf
diff --git a/sys-libs/glibc/glibc-2.25-r4.ebuild b/sys-libs/glibc/glibc-2.25-r4.ebuild
new file mode 100644
index 000000000000..27cd42605ffe
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.25-r4.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit toolchain-glibc
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+RELEASE_VER=""
+case ${PV} in
+9999*)
+ EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
+ EGIT_SOURCEDIRS="${S}"
+ inherit git-2
+ ;;
+*)
+ RELEASE_VER=${PV}
+ ;;
+esac
+GCC_BOOTSTRAP_VER="4.7.3-r1"
+# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/
+PATCH_VER="8" # Gentoo patchset
+: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
+
+IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY} == cross-* ]] ; then
+ export CTARGET=${CATEGORY#cross-}
+ fi
+fi
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+
+# Why SLOT 2.2 you ask yourself while sippin your tea ?
+# Everyone knows 2.2 > 0, duh.
+SLOT="2.2"
+
+# General: We need a new-enough binutils/gcc to match upstream baseline.
+# arch: we need to make sure our binutils/gcc supports TLS.
+COMMON_DEPEND="
+ nscd? ( selinux? (
+ audit? ( sys-process/audit )
+ caps? ( sys-libs/libcap )
+ ) )
+ suid? ( caps? ( sys-libs/libcap ) )
+ selinux? ( sys-libs/libselinux )
+"
+DEPEND="${COMMON_DEPEND}
+ >=app-misc/pax-utils-0.1.10
+ !<sys-apps/sandbox-1.6
+ !<sys-apps/portage-2.1.2"
+RDEPEND="${COMMON_DEPEND}
+ !sys-kernel/ps3-sources
+ sys-apps/gentoo-functions
+ !sys-libs/nss-db"
+
+if [[ ${CATEGORY} == cross-* ]] ; then
+ DEPEND+=" !crosscompile_opts_headers-only? (
+ >=${CATEGORY}/binutils-2.24
+ >=${CATEGORY}/gcc-4.7
+ )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
+else
+ DEPEND+="
+ >=sys-devel/binutils-2.24
+ >=sys-devel/gcc-4.7
+ virtual/os-headers"
+ RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
+ PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
+fi
+
+upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+}
+gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI"
+ devspace=${devspace//HTTP/https://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+}
+SRC_URI=$(
+ [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
+ [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
+)
+SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
+
+src_unpack() {
+ [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
+
+ toolchain-glibc_src_unpack
+}
+
+src_prepare() {
+ toolchain-glibc_src_prepare
+
+ cd "${S}"
+
+ epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
+
+ if use hardened ; then
+ # We don't enable these for non-hardened as the output is very terse --
+ # it only states that a crash happened. The default upstream behavior
+ # includes backtraces and symbols.
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
+ cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die
+
+ if use debug ; then
+ # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile || die
+ fi
+ fi
+
+ case $(gcc-fullversion) in
+ 4.8.[0-3]|4.9.0)
+ eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
+ eerror "glibc. See https://bugs.gentoo.org/547420 for details."
+ die "need to switch compilers #547420"
+ ;;
+ esac
+}