diff options
author | Sergei Trofimovich <slyfox@gentoo.org> | 2017-08-17 22:11:12 +0100 |
---|---|---|
committer | Sergei Trofimovich <slyfox@gentoo.org> | 2017-08-17 22:13:19 +0100 |
commit | 457d3ddf64abb388ad418793d5b0a9f5dfd80ee8 (patch) | |
tree | 457df76e0cd2526d4844378857abcb7ed733959a /sys-libs | |
parent | app-crypt/rhash: Version bump to 1.3.5, fixes bug #617548 (diff) | |
download | gentoo-457d3ddf64abb388ad418793d5b0a9f5dfd80ee8.tar.gz gentoo-457d3ddf64abb388ad418793d5b0a9f5dfd80ee8.tar.bz2 gentoo-457d3ddf64abb388ad418793d5b0a9f5dfd80ee8.zip |
sys-libs/glibc: backport memchr() out-of-bounds fix to 2.25, bug #628100
Backport of upstream patch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=ccb4fd7a657b0fbc4890c98f4586d58a135fc583
Reported-by: Aidan Thornton
Bug: https://bugs.gentoo.org/628100
Package-Manager: Portage-2.3.7, Repoman-2.3.3
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/glibc/Manifest | 1 | ||||
-rw-r--r-- | sys-libs/glibc/glibc-2.25-r4.ebuild | 150 |
2 files changed, 151 insertions, 0 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest index 1373cb56892c..9a8836e41424 100644 --- a/sys-libs/glibc/Manifest +++ b/sys-libs/glibc/Manifest @@ -19,5 +19,6 @@ DIST glibc-2.24-patches-8.tar.bz2 71769 SHA256 0a21549ed196c5c03efc37273fb991e19 DIST glibc-2.24.tar.xz 13554048 SHA256 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3 SHA512 a4cb28a2c51a0cc029ed69da7cba11931a615ba897235590b4f7fad2eaabec9042f8250eaac2a5860997437a69ab13304f10a634000e52c0336b5593b7969adb WHIRLPOOL be82b47fc73f7e780e8e73a5f58b313d8e861d5ea8c4320f95ef0d8c1e125ff011d61dcfc0380be0e83868bd8c3299de1ea662da7fc8d709050e89b2c126e3eb DIST glibc-2.25-patches-5.tar.bz2 44356 SHA256 d9ea3908c8c4d561d22697d9830b4032cbbba46822613d5a3509d3b7e579c016 SHA512 ad3acf760e6cd714fe5d6833b53d8759e09c74ca60fbfd173e87dbb2d1062a5006427ca17db0b6ce695dae03e2ace7dc30992ae9b08e94ae4350b19ea03acdcc WHIRLPOOL 1fa660852f9e42fda956b4924351a532efdca88691cb2855c458e8bb9af1fc3cbdf2eb9c8ce93a7c57fa2d6a7e20b1c1a5c17d29b0d07f8e44e0ed8fdb7db8bc DIST glibc-2.25-patches-7.tar.bz2 46222 SHA256 af1a3c13409599486d58c531d04d794698b1ac04cc883dbdb0d29af7b44d7ca5 SHA512 21637f3b1a20cef55ce52311bc7b4d60d93b6f04a8d45944ccb9286fc330e262c6f37f729b7f5a5daec588821e8ae330f89cb7f7e84463b4e533aa80f408e415 WHIRLPOOL bc48fa53ddd264559378e8075c42bd38fd49015ac76834aaed7e0ec338dbbba1f4fdc1d2aaea6d53d72bbbaef99920cad489188b95cd0ec06b02ce5def110c11 +DIST glibc-2.25-patches-8.tar.bz2 47110 SHA256 1dc41664153369886d240a1851b15bf0c3c3739c8319e6d68cb0c2f85fc98901 SHA512 41d772c47770a63502c863f3c9bb05164e0ceab69fb7b7f355c25685ae4285d73e9ab0e3836162bd11852339055329d0bdc7238f3191fde39a50ce0d9a60454c WHIRLPOOL c6e0443d75e2e4607226caa4df1ce2b10ef21ec2564b447e2a287888d1f593d51f334a6e1ab942f5d1602d02c6fee87ce4ef9a7db3409de6063bc377a470a42d DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953 DIST glibc-9999-patches-3.tar.bz2 19892 SHA256 97f60ed6debd495610b123d7a27227e75942bea1a0fb1e5f78833a6f3bbe6c64 SHA512 75084b86a83d447d3a4b3959fa2a93d849e304ba9473ebec5570ca4fb5e2f8dfb38548faf3abc9fbd29b529f2c608b52eb2ef2e6e9a2ad5bea9a9298a19ef596 WHIRLPOOL 04a5c30aabf72530fa96fa3a8eadf8207d85d3a2a948ba5f4b72c0deeeae24e7eb71b99875f0e9b1018051fabb4a23630b41873fa4ff0d6ba9778ca6051212bf diff --git a/sys-libs/glibc/glibc-2.25-r4.ebuild b/sys-libs/glibc/glibc-2.25-r4.ebuild new file mode 100644 index 000000000000..27cd42605ffe --- /dev/null +++ b/sys-libs/glibc/glibc-2.25-r4.ebuild @@ -0,0 +1,150 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="8" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.7 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.7 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} |