diff options
Diffstat (limited to 'sys-libs/glibc')
53 files changed, 11434 insertions, 0 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest new file mode 100644 index 0000000..51fa4f0 --- /dev/null +++ b/sys-libs/glibc/Manifest @@ -0,0 +1,62 @@ +AUX 2.10/glibc-2.10-gentoo-chk_fail.c 9407 SHA256 7745c0f5d37b37959b43b41e39762fc35b877161bc5740d9d3e9a83021acbc0e SHA512 d1c51c573353b3b8ae6ab1bcc8c10eda5cad8b98fc7ab4848e4fbd8a8736174f3c3fd1b72dd80c72b1e54be78f1cae4dc1ab8130df25aa6d1495e5cbbaf3b9f6 WHIRLPOOL 32028ddeb422d89c0523fec994413e67c6afd9fcfdaf147d3d6a28bd02f8feabda9571ced4509253b7061a95bb2c16cecf94a4274671b33909ff545b1787f101 +AUX 2.10/glibc-2.10-hardened-configure-picdefault.patch 865 SHA256 b50b29f85d88011555bbcbe6046e6600be9344f2d78412b14aebdea515420774 SHA512 e0a09f77b209a72ab577fe1e62126609fdddedf3fba0eec749c4b506cdf793779b48390f055a3594892120f694291f8340c0b6f51862e94c03fd516897138be7 WHIRLPOOL d1b8e1536696350e0ed9eaf9a923daa7c004ef40ae94c1c3ba3d6cb293f1c19364cefbe8491089061124cbe26a9fded9f3d38d89f1bda56d408162e53702e8d4 +AUX 2.10/glibc-2.10-hardened-inittls-nosysenter.patch 8823 SHA256 dcf78c6524c222dbee907200a8878aff727e29d43a4962b977a16d85752e5c10 SHA512 0605b7964af87d1d6bdccea5c4d1bfe6267d4401b8bbf0c8bb689663e6bb3ef92eebad8be6c23ffdf6632a4d5e6098d8a403c3e84ffb21b5e87b5b1d1ec3512d WHIRLPOOL 635261b547883bbfbe23c802fcf97916dee823b367f96732ccecd7506dff004b87f2d36d97ed398510711330f3a53f039a14e226d20a681cc201a8c7a3450833 +AUX 2.10/glibc-2.10-hardened-ssp-compat.patch 4802 SHA256 bd6f0aa8eace0a935731749e101d5fe30210f9edb65f2f5ccd425cef581ddce4 SHA512 16fc6cbf366c3a0f476f28da8d4e465b1d894f68d33ebdb02de60d6b22bdc6341915d8529952fa4213b11c377302f18a63c462898fe0e4b13f5ec9e3ceda96c7 WHIRLPOOL 059e84269286b285261cc57846b34462524661fef3582396a6b301ee2dd156d2511c88f17f52679e4d5fd96ae0ed6673c8b75a32048e40efa87fad34da6cc066 +AUX 2.11/glibc-2.11-hardened-pie.patch 1492 SHA256 74277f76ace9cb6b408ef7c1d43a3604ae0d6c1af539055aeaeb542d2bfa2a46 SHA512 31ad12fdafc20f783bde32fa3cb477e18d19c5436309b0023284c3134f99c849b0281ea7815ae7509b96f1a88e9c24d52805044cd1c65a88a1a62eebc519a0e5 WHIRLPOOL cf3fe8c5e164623bf553487cf589f85eff28d1073e55a87ef14da716ce313bfaec0dadbf322f2e705c1d4f975458d9cbd6f2eca268a9dc5dce16e54305907aa7 +AUX 2.12/glibc-2.12-hardened-pie.patch 1542 SHA256 9d11da52900a4cfdaa9052476029cb1b4c8004dfaef3cf446f3b728035f75fbe SHA512 97abb62a72d95b07f546658846718755ed78286b11cb72b2cf6ebc809afb1e775ca860e3903f9936ee54761b6d6bb309e822957387900454dd3c66be35ba8148 WHIRLPOOL 4b9b95d1c6c6e02ba21ec43f382a1d932ed8be5ff548a828c3e9a1d945c44cb8435fd502f6c8becf6a2c19bd23c77ad003598b3b3b68b7bad5a5af79e92d6077 +AUX 2.15/glibc-2.15-localstatedir-backport.patch 412 SHA256 465bedaaf735a48825cd6433007abfb1e40c2ef8ddf94d12d452b486c70ce36b SHA512 76506a540d47ad7e76073c3b25bc46278a9e56e34e17d49caf9fffc0622646e8e0d6905fe7d00599db02f444420ed0b9d64d3d70df78446564b137fd65021e45 WHIRLPOOL f21fb6d6eb3555421f7d90b179a7a2745e7056316eacbf209066f01e742037fd283689c5a5f5a313666a2fb79d5ad0631dbada94d9c7eb958ee01217b605533a +AUX 2.16/glibc-2.16-hardened-pie.patch 1570 SHA256 9a8d8a8268605251782b1fba509cda090f39f56edc8a5497c7b4acfc428041f7 SHA512 1dff16b1ce4ba6246336d19fac21ea6e8d5710e138a23603fa6b79896d895834b6d28bb1948c83648120ca1d038805db7dd7138ba3e28e9071254d6320cdc092 WHIRLPOOL f96487ac4bd95a99e9e70204c686c3f19bb8238cfd4a9856b031be58ac23927886f228a8b4add14213e0489a204c51ebbeb8a376311305025116b8ae45fc90c2 +AUX 2.17/glibc-2.17-hardened-pie.patch 1784 SHA256 bba32e40c73aef20122b2825f31e5c3aa058b61feae4f32f336e1941f83f82d1 SHA512 9ecfe2b6c8c982a42786181d6507d5fa588a6868109065451f58a779848837bd5e69c32a24e43a186c2ff63a9784015c51487e342c87982ac074139e36c169fc WHIRLPOOL 1baffbef9e6d870ea2f2ae5be014b71020a213a1a11e9856fa207545867de444ed164cb926b2aac23471854eaaf72a87e38760702b32bfcfa639add8733d925e +AUX 2.17/glibc-2.17-runtime-prefix.patch 6695 SHA256 466198a1e2f92957017d3e550b806196de40a6cbf780320b3b11ac72459c19d8 SHA512 9adf787c8516ec86609bb2c1975d2d05c679199200732c141f4c8ae2724bc1b92a3981995f814542d2fed44662d7ccf560b0e9d904e27d68eafcfe3f55787a43 WHIRLPOOL 3bc2aab75168ad3a8b4b273577c3f0e71396a631f151974433187ecb3c73b0adc2ad15e9fd17334b9cb1332035c98937d302a03bc1afb3f66ff1d36d347d21f4 +AUX 2.17/glibc-2.17-shadow-prefix.patch 950 SHA256 36fa45e0e2642c6ce8809341b69e93d45d97d3b6c451a089198f7b90a5d0eb21 SHA512 3101b9814bcbd0443d309f3949024e753cb6101e84e9cbbae1502fb4c3f85c2fad041608ba69c966cb1da2cf64f5f2c0931c08db222933a2053394f7b0fabf9d WHIRLPOOL 5243b70d2d2e2d3c3c9b07eb2251bb5e78767e776c0491f91fc8499c3d807b44bdab384f7c81867373a577574999079791695eb65ed8c2da1ce5a79c8e60a5ef +AUX 2.17/locale-gen_prefix.patch 2704 SHA256 0807c8979b7a1a63b48d155417ff8ecc7e14773e928a0d1fe6c349a36fcdadef SHA512 d6b41b953713f7fe0ba14af6d045fc0e6b649f278da691ca5f021d95be5cdabfc87de399880cf988fec2b189fac22864d004ec8d159e59a2348b41945de1d5db WHIRLPOOL 3c7d6b4e789ae494cebea620ed64a6ba8dd401837914f4ead72c7b2d6af94538c9a28f65781db7e6ae0d21c7fac13c531b71147fdb5456ffd39ae1246b331069 +AUX 2.17/vdso-disable.patch 1136 SHA256 49006855c1ba3ae3d3aa5ed71787056dc64e993eec70a4bef05bcc9f4d824014 SHA512 6eeb6eae8b8c1777ebd18170a7651b9e95297125cfc3829786c4d02887cad4a5d768fc2950723d1d040d16d15d72491d7443a3c14ca9f20eb2adb1ba6d1649ca WHIRLPOOL 80367da491b958d0b7855d23d3225a5c17a3a7a1b1f9a54ebc093c53823a5ef1642b974b45e079aec0abff0476494368ed9afcaed83b87576ed8458b8348e41e +AUX 2.17/vdso.patch 697 SHA256 26f2089344709de9c1bdd2f974d02ff5d4c465f6ebebd5d1ac2cd72b732de201 SHA512 a303a6828ed001b16f2f5c3532890cff66a50259c2e2aa2843e992f2bed5e6141abc9e120afed25f2e1f30d77bc218c3940d680c3d73c227d2056370d5e6b806 WHIRLPOOL edcaa815b8f86e17d77f0582453a717fbbd848400bfdbd302730fec20a952a584ea8f5ba4f7175b25d84752bc895519d7baa55664073cae5037962b0c1825aa3 +AUX 2.19/glibc-2.19-configurable-paths.patch 81250 SHA256 ae15864d46cb4d5e061465249c9a9c4585961a312d61d6e9edbf8dd8a5dc8a22 SHA512 e9b4c4d48560fc4af41505996b40f3dd0023ba86a71182d965a5c0978f1ed6236311da5b990199e2916b9fc091ce374b2d346b03c133f2d8fcf7e6f07616a3fd WHIRLPOOL 67cf918f3f26b74cf34108806195465dbfe0a51b3c97a7ed19e398c093980dbb0bf5b9102f351cdd95acad58cb3b7c947a50efd593c6a161212afe2f4a9f8ac0 +AUX 2.19/glibc-2.19-hardened-configure-picdefault.patch 865 SHA256 feeb2ddc276e90f55d2fd358837e8d4922d3b2875cb8080b1d8e27e5da83a2d9 SHA512 d8e6fea72e240f1fde8a487958463140a84e8bd6bb5b176f8ce84a34df3137943db9016300884f3efdd4da130e342448e57ed0c0dc6eb2956d647286ce1d00ce WHIRLPOOL 3a5d2882b5fc1bea78c45409c848c94a260659e3ea1e28a5dc8818de8825e55453aa1cc97b86eef99c91b17bde9f2a6db1fd8ae03839f7029d93a71feaa4d4d0 +AUX 2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch 1360 SHA256 f0d8bb004f598375b61e67e1c215b15953c293038243207f2d85cbe9f10d093e SHA512 79876b12871b3e7693340bfdf99276ac0dfd6ff30bc977a9526af9e681fcbab2f25d3ac9e2b33f027c968b38a4b670237de54ffd08edc418423ecd82dddd1d67 WHIRLPOOL 5ca64dddf58a790cc5f6090ae48fc4bd4799a9aac4c67f6ef7d1fea9498208ffc38ee8167b6ec80dc97c4f723fcdfade8f573893f1b380aff04f6d0476d0d253 +AUX 2.19/glibc-2.19-vdso-disable.patch 1120 SHA256 20048700be532bd1b692471420f930951cc0be2d2c9eb2a95e895e9771a0e13c SHA512 8f52408e5acd96708e5376b3aee77d4851dbe98a7f4b2d2503d3ce5c0088bc93640023659d9e49c8c802ab33ad9f987630667bd5094e4b4aab2c48bb1183a84e WHIRLPOOL 67b6bc23ef1a90886f8860396d52b9004764f3ebefd1d48736c734db419d47402c01c9b746a16147a84b77b8510d243c63d76048c8b2a46daed8aa0acac73fe4 +AUX 2.20/glibc-2.20-configurable-paths.patch 116486 SHA256 d7fe27619225d6e2941e52bc3dd049bfffbed2cf633329ad4ae9a76150ce5f1a SHA512 e2998c66d7c84e6da8f9f24e3b710c8c62f0042a65c7af6f0a2f9cf303724d732aec753e6002ed265c95947f72534de6da9fb0681328c5f8cebbb8c8a60ac61a WHIRLPOOL 50e5984c09e76dd5ebd9172c2e560dc2ff721af23a9be0d1c24fc289af20a5a4e0bf278ec4ef878151bf1cde4d51f42d536aeefdde1f5c206d7942630c8f93a2 +AUX 2.20/glibc-2.20-gentoo-chk_fail.c 8978 SHA256 f9cc426b0fb21de1dc11bb36e43bca8e1b3114fe78f8b343f672a951a82c742e SHA512 5cb529ac9d18a315f25fd48a3a80a529924bee0588074c97e6df7dbe8568a67f786363c41da6300ea55818369e3609ed4315b2e2104f8a8b4f1266ba43076eda WHIRLPOOL 2d38c19a20226fc4687037b8bb19025065f039ddaa62466879ca98765c8899e64b147dd148565304419ed1a98fbe1f8403710b22c930b08a19bddba7e79b0f1d +AUX 2.20/glibc-2.20-gentoo-stack_chk_fail.c 55 SHA256 ec73e74297b5eade591bfb3a2999989e2a7aa80752140048ffa67349635f05e7 SHA512 4dfec1bd17007b826110dcb73d09331a58b7a892c87de55b94480b14c28686442c567725b610082813411cf9911e180835a400a54ea704fe80f81cfba966a989 WHIRLPOOL b2b338a50f7895c530a71a19e4582bd0116a0b9d13b2e1505f0566924557493849f93cefb2c0ad1719ef684321e145129e0f72cfc9aa85a44ea7ebf910e7304c +AUX 2.20/glibc-2.20-hardened-inittls-nosysenter.patch 9951 SHA256 992fb70b9b62674d94ef8938297a3f2591b3121495987d927f5a44c1d8788658 SHA512 a8302ee2963bd791be859233223b17cd154afbf04c13c046956bb1140d748272d7bcb3a6167ce8b61573ebcffe906dff064308374d2910656b8fad18480fe422 WHIRLPOOL b8753d6f1301650b91b5cf4f342de22010d819deb2bf4da27aac33d7540e15a140b8a7a4c5e111faba320873ed5784b22f6add29181fbaef14c3e9504b1b838f +AUX 2.20/glibc-2.20-vdso-disable.patch 725 SHA256 476d1198e990a0beb42a7350c52c34783de33d0364ab3e11d9b74a81e027977b SHA512 2c47efc06aa93eea18e6d407c2b1cfdaa80b374bdaf7ad257ca02857aab53d7a6ec46092872d3affff2ec800f6937012571115b8c83d116084c21f8130c4fdd6 WHIRLPOOL fb919be2a23f5a240817dc8540582915cb0e0497196237a7bcd891113738b81072e96f4af4668d0ebd05094c2983c411265267bbcfc2be96c5ff33f37fe7f936 +AUX 2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch 2329 SHA256 b5cf51d1ff5479d09fbc82992f126ca4969006c90c3a2ae94ad586d4902d791b SHA512 939ec7da977837ef46aa8894f99ac06b3fccfc36dd672889b85ae8cbbfc9a963c5d0c031d776aa2feee29ddf8341b4cc7a50ea19b7c6f7e80df74eef5f1fd977 WHIRLPOOL 47d248ddba815a517aed9b7dbfa247bdedf293cb5adad8079be803ea4a682136f01b47fd3817a1696b3758c4631d1a25376bf58ef039998ace4a6b65807fe75e +AUX 2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df SHA512 2d404bec1e009d111b775fde620102b3d0ea7614d07ba31350940f2693e937e825acc43d1ab94bad2eecac61d47c696098327096dff8f08b4b7312d0873d71a6 WHIRLPOOL bb27ef90afb256d3822787b93574d4f4f5632995663e08b7201db17a4f38f6e2a8fd6368aaf699a808cd8f7acc346625b5607dcbf1e88f8b28dcc6d3dba92399 +AUX 2.5/glibc-2.5-hardened-configure-picdefault.patch 794 SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91 SHA512 99caace6c3528db400f8039c3f5aa65a2d5088d9758894c8a49df2b5045226a4056972de2d162411617162edd9023b6c6f80d85509638b5d68a8d0cda40adafe WHIRLPOOL 1271cea2155149e789f1242759e516443c5cf152ae9612d91d2a25a727952684eb043fbcfb38186a31fc6a1568201de5ef40af45436b137453e0582f2f6facde +AUX 2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd SHA512 6acdfad1c2395a8097500216df3aab7a96211e418b56eb07ad317c25049c30c4bd9538905f186eb6d5b9260d98423bf525ec005a283e385ba4a83e7425080b10 WHIRLPOOL a542db44162d1322b23c574e20f59c8df7a5c17ca26560a22f73da832ff1743c7f56915a7e43d5d13a6068b3b975521f6b33940309496ae62fa952cfc2cd23dd +AUX 2.5/glibc-2.5-hardened-pie.patch 1569 SHA256 ff9cde8857c5da89faa4039e2a81748674fbeaaa49d85c378d80711d55f2b0c1 SHA512 bd026dba9df97d5a2a66c92feb8e004fcbaf69aaff489688990f9c0716e31d35654e2ad2b4f6ee8ea02259567f28a7d389cc5d43f0a77122c3f65a61fb4db112 WHIRLPOOL 888ca7bd8d4fe89961ee582bf96c141962b6702a92af663c7cb86d245f471f55b0817232744a7218dbf9d0f9eae9a8cc6a52843257c9353eef1332cf5c368e2e +AUX 2.6/glibc-2.6-gentoo-stack_chk_fail.c 9545 SHA256 1410ded812be80d452eada5f9d6b9bd7bdb504c14f01cc27dce3e36b6f92b92a SHA512 360b77df2d19d14060e19e763878297bf042eccd5206ce4829a33c78c982b59b46144116d237a7cac73a22dd6cb4987c8dd50f1d16003baa22c2cb2942d2cbdf WHIRLPOOL 44e14dacdd258c46201a44c2c6aae4d975b960a914c24e49f2b39dae960636512049daa052d3cd8e8d93819d263327c28eac947efdb5d9e240d1bc6e9964016f +AUX 2.6/glibc-2.6-hardened-inittls-nosysenter.patch 8674 SHA256 cf58ded8fbe9fcb3dc094521feec2588c1520ff2c632b20c69d6a210325c4fcf SHA512 094b24474e42a9714f5298b0768d44f2c0e01b7d8c3b0a754bb16caa6c024106e8c0b1acbce670bacec1ead6653f8365397173d62cb8168b946c8f521ca155d2 WHIRLPOOL 9fa16256f9d3bd2f38023549c0bd4c932d3173b6c3f4ef66e19cdb3eff5cb2def6ec02fa72a7e57ba74da6d5f29b82ddb9692d59f6c694d45b5989fa0bfa6057 +AUX 2.7/glibc-2.7-hardened-inittls-nosysenter.patch 8755 SHA256 b0b1bf0746f7160b89cf281502b95c38dec9cb948d6a50a907b84fd6230a2dc3 SHA512 50563c26e1fd2e71cb034c8a1b85e0e4075ac6467bae46d4cba0c105c940c5aa6531c39cf00c63ebf94be4e290ee485d7bd8239ff08dbc781db605b45c4aa38f WHIRLPOOL 2047148b53073bae4031ad864fc360112e2812115ec455142c82d4694a57387b49b36c98f400dd6f77f5dab3d419303faabe8183a16f0fd68387996c95888a43 +AUX eblits/common.eblit 10934 SHA256 5e12fe093156b639b308212562a92cd68a7778272efdec9c2dbcf3c6f94406fc SHA512 d8bf175a3f88dd93bf338af9ca2edda88ba0e3b0be43f5110865da58911092c7920ffa210d82b579e402bfe29545c3376a6257ede04dc5ef27dee2318a7d452f WHIRLPOOL e7e97534c857f56c5a7821372d1209f757b89981ba6e2386aedb42acb60afd72e0f27181a5246eaf94716808551f14933c11d57b54c3308a3bbdb20c7316e346 +AUX eblits/pkg_postinst.eblit 971 SHA256 abcb925bb0730d1eae22bbcee7a4ba6523280390f410f38bfdf9eb44e0280000 SHA512 65e577c77a9a488c5e93ccd4afa325ab7e3904df594c13fda17136c8aa2748fa4e6d0102f4799b4ac9b8c3bea9920faadc4db356ece9929ee708bbfa9151dfc2 WHIRLPOOL fb3cdfb702b0ce616064f94321b9225a53b300f76d95495098b6c97eb3ab1650ea2d323eae169bb8d1fd8795134aacb5c54ba6927fe743b01f124aec416b15a0 +AUX eblits/pkg_preinst.eblit 2105 SHA256 aba79a4369067615bc48429ec371ae91ccfc793ddc72cc05862b705cf63c303f SHA512 993ac0b94bae95819bf11f2ba88820bdabdc41c4c63ed25f00adb16e9e965d4206b68d316faf329ab3870a3e810183662e12e554a0150829ed026567bf9829da WHIRLPOOL 01c511f6995fc5b8cd9bf564298ab6bf6609e660fce26dff23c36081ccb72b28fdd3ba0787384c11fd126a7db0f1a0744e9396c6225b0881b9d02ee52d6eaa42 +AUX eblits/pkg_pretend.eblit 4990 SHA256 219947e495090b640ec6229b028299edc3f06ee81a130211cf91803923ccf477 SHA512 cb27a05b798ec892576239d6146403f2430c9568faad410f42933610c83c60317bcd79198be4ff9b6c08f9e13b3e0ea897a9ddb8613ccc75975fa227e3c9e26d WHIRLPOOL 613f1920a3d8f51fc6274f73d72cc2be1f3df8b5f2d5af173d050142cbea8b52da4eabe50ba28192af2f2a62c259d512d466b33b303a16648cc82e6422904ba7 +AUX eblits/pkg_setup.eblit 275 SHA256 c5de97dc69d3508555ac579e14ead694a75edf4707c1749219677ebee88ca9ab SHA512 627740976e372842b09034b79f61f5cb5d8283f47c94cfe66b2aa1517c901df0bf3b456f1ba26a9ddc0aa0215190d0415ed4f881cc950d163d8203a0e6bba2a9 WHIRLPOOL 16ef3155b35671311443f4c231c1867d12731035aa603dedb6e86eabdc1501c67183474a26bb06048e12c19ac3bda054fdb8a107792a3dddb743b6dc7d447339 +AUX eblits/src_compile.eblit 598 SHA256 3b90a6f44d307b92cee36fdd91d412bdb9fcbab555e6c6bf8174c8e3f29137ca SHA512 ee216aa3bb13f75313d141459acb47523442addf12a6bb8d829ca40eda4f63324911a13ff0ae90fe6eed1fbe0058c89308a2205c5357a0e1897a89573fea2f51 WHIRLPOOL 3bfc5406e794ee9ee4005e97aa2d40a82d77de090c72767d6b43be6993048536b4f2442bf6864157d036e7ea3fce6ba6537a97cd2afee04c61f9e98e1adc3c00 +AUX eblits/src_configure.eblit 7909 SHA256 5947f6fe819d936e0e32484a6d3f49ad7aac5e5c89333251c5659fe998c6a083 SHA512 63ef84d95c47d5881db383c4c90be03434e1c1a87db673f562ead7e6edbf694a428cdc0cf69d312159797f70fc5ac74584d7a7087b314d92dc21e452d1d66477 WHIRLPOOL e5aa3b11ac35b05ea52b077ffe16f8c5fa144a5c70dcf086569a7b6bf2daf171d552dc4a72fee65b892297af1796e80247512e17c313c4c56b6f4b7351fe8ef3 +AUX eblits/src_install.eblit 7814 SHA256 8d64a4a031263dd7c3e7ba710a5dbe51fa7004b9795fefdab55f7db273f5e89f SHA512 fb9fc62103e1803509f5910b71eb28398258433762b930c93cccb7578756599739714c41077a2d0fd81c78e8fd14fd30b384a2c141d8df801507414531062551 WHIRLPOOL 4634ef7da02f35d461027a4d5bd27bd4e888805de0713b577ac47eb1161048f929e1c52e38fc4ad8da333a2198877b82962416edfb30bbaafb9055fb658a6226 +AUX eblits/src_prepare.eblit 2231 SHA256 02e28094bb57137d0f12031dc3ed75d022df711847904f428ffea2e0bc42b778 SHA512 967e831a0390c2fb328cb69a75489f3ecddf2a3aecd3d8b95e8ef36fdced3b0b15a320245cd1274e5bf78bc49a17a862fe4af26f610c3f864418c707e7d6150a WHIRLPOOL 4855e3979903daa6b4586d5bed08a1f7806c03b9873f4b51a0b6b73254bb40eb08cb0e6329992f663f98907e8d82f485ee7f49ee4f82fd52dbfe880f8dd1fe70 +AUX eblits/src_test.eblit 698 SHA256 96b044ef9a27c2591b2a440b45bd89989022d0b41c546ce4dcea58a631315bf4 SHA512 0a46dddf53ccbfaab3f85ba7d2e8f202b4d5be98052601686592eca0ec115de29d8cb1f324ba12dcb77f3a8d4bbb39032532042b8adf809a772ebcc845b1a152 WHIRLPOOL 42af8b97859789b52a5a0c100ba109d8c3dd47532ef3f0b764c95b7a61be9d293d99de25e601dacd840c0a4cc921740b5acc2a3567b5aa3ae8ac6f88430ccf04 +AUX eblits/src_unpack.eblit 3096 SHA256 f0934fe81278797a0625fde2518f5bdf8531c75443ed3dc6ba7d18aa751cb235 SHA512 6fb32f854920ac4c0df5d60d334f4b9376b05d9b2df7d1bfac979acc3d7c282846fcce36c9816558ee75db030c3551b95f2ff26e53ea166adf97a2ae5db55abf WHIRLPOOL cee004cf4967f0b073f56ef5bbc67e56981f109400622f70cfba51ce120115f4c25ee7696a5b9baf7b22080d01d038ea936d5c342d65b7331b3801510a509123 +AUX nscd 1621 SHA256 6165db3a2fcb251d4f3655c0461e018ce9c92a37f7f22a8fd2b75178b5435bc8 SHA512 3e1255ab014b3806112120000c3d2189a7c1c69dcd6639d5ce55e96bec721683a22b141982f6a6c6d44b14481c33fbbaa470863bef04e9b9eab7ccad1ddd5d95 WHIRLPOOL b7152f8d888fca13a16ea403c44eadbf1da2249dae3add11f73999259061824460a5479aa7e58c012bd737b62ecc81814109832cee33638279d90d4c08bfdbdc +AUX nscd.service 337 SHA256 de7bc9946309d34f0ab44aa22a4d3cf259fe91c57e8000d741cb09ecd3a6caa0 SHA512 2001100f3b054843c69b6fd2d38852c7c824282aa8998c25a3c0352db993705429d25c70d8ce6cb3579f836b7089644c520acac423ebd69cb1b36e94a77c5bea WHIRLPOOL f01d191971b0dc45f541c9ebaaa1a40f3497e2cc838cff6a20a7b1828d726c248abbd94322a5a5ff30c33ddb7d9086cd4d2ba3bdc1811fed59ff292ef3983a72 +AUX nscd.tmpfilesd 111 SHA256 f0f64c4612d2097173854d2ec2e94ecbf4b77c7a6e94d950874e37346aa90d72 SHA512 53b80b331e1a85d8ee16eb2ce547a7249e944926c3d1cdd4a47a5301a5c842ffc7ec1e3dc0a731542a8facf8261c1c57121802d01741aa89898a3476c09da340 WHIRLPOOL cf1fed1a7e2ac1623a84f1cfa2062645afe3f791da2f4ace3859d12aa05df0e282b4c2e367a460015956ac2a8d01fee4cda84917a3adf2c38561dff200335270 +AUX nsswitch.conf 503 SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d SHA512 c13714110f3ccc9a2270f51d0da9293ab19b9df368092d19b1a84d5051d888297bd9439a322eca1ea60d6d5e58952797d803a368a295f2db6d5e97e173907373 WHIRLPOOL 0d37755ba5928ff894c355b3fdcf7079f19c1cb7a4f3676634084da89c74d7175823a4659b8c66d8dc1395d086991857162822ddf977dbe8dff9a59bccab821e +DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f +DIST glibc-2.15-patches-13.tar.bz2 154658 SHA256 59c11d8b70bc406f6bc7dd87509f1c5fa05998fb0dde8e1be530064e9dd24a53 SHA512 ceec0506e10cff25ec9acce3d4e3f174d56a7cbb00993cb8edbf532f303c48e3b2d5e965e4470f537dbed23d14a29bae4ac4c834b4c11fcd27d8e66d8500e4c6 WHIRLPOOL 9dadbcd8626df9938b6b215a0618cbc605405bf56bb143f25e029c0aa00d5d6ac75877c7b2fd2a2c22291f62587cf8011c30d32baafb5ed0dd2bb539895f1c54 +DIST glibc-2.15-patches-21.tar.bz2 110297 SHA256 5553c0a37c5c0a3abb303850fa9d2ad309e2f47c3f42806c2f1dd32a48affbfe SHA512 5255ef053a2c30f9cae583133094f41604385b9d6e653a0d6aab1d13d69e6c8cbf16fde712607ab0bac738944a0410ddc050dc231ad4ea7d3584271937b0b059 WHIRLPOOL d70249c6c3c3c0a4d02c3ebbf0309bd6b3da3962231c153c77be38d217e2f57e0eba88614e34f0f219f485ba8f8474586d0059cfc505e44f312396e6a753d441 +DIST glibc-2.15-patches-23.tar.bz2 118999 SHA256 11c38082635822eb7b12d538e3b9c38ee71f6a86be6cebb59f5f2c575be93830 SHA512 ff3792a0029ea24990fe2419579472bd02119ed6a2dab28e85089d232029be5f1c18c643bcb9d577dce78a7c682bb5eee1ed3644f086b5cf19230bcf37ce8a4b WHIRLPOOL 110ddb5989bf1b66a487c9ebae03a3e62ac22b7a28b4c70d142e1c56160bdd50b9f5fa6f4dc4a28cfb28d94281c582fcfc1f60df8ae2ef4e8a946b3b06d2b1b1 +DIST glibc-2.15.tar.xz 10280176 SHA256 321ec482abdc27b03244f7b345ee22dc431bc55daf9c000a4e7b040fbdbecb50 SHA512 fc8bc407cd9edfd79bd286d28c84e0b8224e1f57c1d318e73da098a9693257d78970178fd59f487f0321a079fcb772e8e78473fab52f091b2addb0a48fe8dcf7 WHIRLPOOL 061fc0c9915bd821dc31c2fea8e4f9a75b6c7ec0c935ea713d8c087408a8bf3c600179273438f3d9748fe40b946866b2f160e6da6fee4da51e549a30d0f0ebbc +DIST glibc-2.17-patches-7.tar.bz2 79288 SHA256 8000409d072571d2d5119d4dd538e3a3ea39213407e202ea10033bf6aed516af SHA512 c6de4d7754cec6e7a9e36d56eadc6605ba6fcfac116eb50553503738873659977beb935112d361620c35e7b15e86f845a49fd13269ffbf98c72f54dffade19f7 WHIRLPOOL 259e938e8f4ca6b7296db4982748429f00135f80cd03965da589e4318134aeddb5acdfa0f8f61871e46330a0c96eb8e734a3c2f50d564882ba37f13f722b78c5 +DIST glibc-2.17.tar.xz 10981956 SHA256 6914e337401e0e0ade23694e1b2c52a5f09e4eda3270c67e7c3ba93a89b5b23e SHA512 384e54037daaa344a26ce58242acc3f9a249d0765088d18a540a305745afa33ae6dec4024adae958eacd7100be9c713d117260ace8340f6d8c8396dbde4868d2 WHIRLPOOL 9b98c1c298aeff607aaa554341c300c15491b7314f127524fc5c048c67c5059daaf706e6cf206bb69213d5307e37bed87137ab46f504d8072bb778310081fc23 +DIST glibc-2.19-patches-3.tar.bz2 80664 SHA256 6fb03292e224199e0dd9ba7ee83aca723e1560f26831e85cdc6302b187c6de3c SHA512 d281d6a2757920124cf8a3f02b97e75192598b08d96ae48840df34c7ffdcb212952d171f233e6f12a429b19437d0a296212fe1f2eae164d6a1c6793cb3cb69f0 WHIRLPOOL 6f28a2d0dff42e8ad0e77859938e3093753f77f78821375777eebb2db5568bf1c56e8b8208f02280f23acb2dd26dc8a313fedd5b2c10755f1659e6d324a1dbc3 +DIST glibc-2.19.tar.xz 12083312 SHA256 2d3997f588401ea095a0b27227b1d50cdfdd416236f6567b564549d3b46ea2a2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d WHIRLPOOL 9581a3a23ebdd56bc559b56b95b7bcd21ca039546ec19c6c0e4e0738597542164fdb21ab1d1f36d5e73a205fb51f0974c7d497972615bce69ae002298f6475b6 +DIST glibc-ports-2.15.tar.xz 421820 SHA256 fcc271fcc3a808bf0f3aa1d144bc39b8d0d5f730aed6e206b883961515f0d1b9 SHA512 fc3c80a9a7ede0f35054e5be043fff4b967e6ef6678f42e617dd1dd498920edb4e4c785cf8e3cd97fc2914a35a892e0fd7e1aab24f0c3c8d207765a131bf3744 WHIRLPOOL a8a617eacb326615265832f86a7ef39678364b5b65d5c16d58680ec0debfbca6780018b7da9c1a86bdfffcde58aa1258b96ea4bd50b114901b522e62d48ae4a5 +EBUILD glibc-2.15-r1.ebuild 8143 SHA256 94c831d06eb6cd7c153db3267dfc7811739d90b8761751b384e85360f77e70bd SHA512 53d5b41729a282362d3447a45dd373c098e04cafddc81d7da0304b7ef56a4bf53058c4ea88763db48d3796345131f6b25cc56949770af1a628549d3e2b24af59 WHIRLPOOL 3f76b15a4db14db99afece549cd4c4982f1fbcefac313bbdf10127f10630da9c43f272ec85ee99afafeb3ab9afcf5f2eafd612386e152e3cfa08d360ca639115 +EBUILD glibc-2.15-r2.ebuild 7692 SHA256 1ee891da4bbb450ce16318877a9043773c34a7418eb49f7f684155e48ecc1b6b SHA512 4e0e5c7e85a514a0fed90a9e339eef8748e3a0f06211a93463db355b9b921337ead3f645a3fe8b99dbe2f12d1c03e2ffcad7e2dbe2909b5d97fa5486fe53215f WHIRLPOOL 84ab863b0f70cf8d40291a155f21c987e9b48dce005890e34e105bb3fed950d463f0b053fe2d7988a9b218dc3ccc9afb0c952845009b2e7e2569b28298f8e479 +EBUILD glibc-2.15-r3.ebuild 7764 SHA256 17540bbede72db02e113f556cd3c4a6873c45be1191bade644b5a78d2557c673 SHA512 b9f856356a1dad8f51a62610defce3984477e7f8265427c7e6d21c7868bb6756de4f66b16d3184fd51180155112339e33547a2348d55a2cf1059ccbdf68f0c3f WHIRLPOOL 9c36e9f55427b2cf0180db983446d572d63be309e64b42bbe3571105446f4eddaa815081faf79fe6fc639e3ddf3e3720f11e7af2e85ea19125ef561176eaeff5 +EBUILD glibc-2.17.ebuild 7668 SHA256 b6b7142b8fded3c848424eec002b0e9b15912fe03841d854377b827ea3975eb9 SHA512 0d5dafad92578139720403aa29e1406c366892cd7bdebbfa3fee8a1a4eed06009941d9a55f6f9e9f3ec035947e03d17137e6b9ecdb4061812b0254aa48d0d1a8 WHIRLPOOL 2fdb5ab665c6ac7297e2586644f121101ab84ae3a17ade1fff87be8a31e4d89096063ccb25ceadba53328a398d65240833cf2508b3fa20c42f1e4354a3f1f81d +EBUILD glibc-2.19-r1.ebuild 7397 SHA256 c96062bad2386baf72d3e31e9858eedc5a05980fbfe90b3bc618f7027d90c80b SHA512 df34e6de33e59afb49c4c6d98bf32ce47f21c54979b2db5e21bdad8357f9e2921ab5c80f9926aeeb4cc65f010ee8407bd078ae121adedb22e8d5e6431b8123ac WHIRLPOOL f74da4cd1fbd863928551144cef903093df3db95ca7db8da982a1eede571e5cbe123700ef8d81546754cfc29a9edccd58bd42ea1d51f8cfb76a35072fc96680a +MISC metadata.xml 521 SHA256 e89c6157189c7a76823ea61ad88e85d6c5e497855abfa03d4e044b09bd0d0955 SHA512 46d36653c75257e1091d88eed54dda553a81a246407f7ae37864e3a9f1c359560bf3d08f5946a725624804e74b1684414a729a1a3b961220dc76cdedd9a4d0ce WHIRLPOOL eb3695d1ce708f3668dc85332b4ad9de6e021b3a98c1b48c4b874d7254168ee5aff2ac6b51866b1df29f1689085ab07e97a7b39708bcffbafedb21288e01f42e diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c new file mode 100644 index 0000000..37711e8 --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c @@ -0,0 +1,315 @@ +/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2008 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP and FORTIFY handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP and FORTIFY handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + * Magnus Granberg <zorry[@]ume.nu> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> +#include <bp-checks.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": buffer overflow attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** buffer overflow detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __chk_fail(void) +{ + __hardened_gentoo_chk_fail(NULL, 0); +} + diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch new file mode 100644 index 0000000..e75ccc7 --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch @@ -0,0 +1,30 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu> + +--- configure.in ++++ configure.in +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + libc_cv_pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + libc_cv_pic_default=no + fi + rm -f conftest.* diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch new file mode 100644 index 0000000..cb6d8e3 --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch @@ -0,0 +1,274 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> + +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -129,6 +130,11 @@ + # endif + _dl_aux_init (auxvec); + # endif ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- csu/libc-tls.c ++++ csu/libc-tls.c +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED +@@ -29,6 +30,9 @@ + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif + extern ElfW(Phdr) *_dl_phdr; + extern size_t _dl_phnum; + +@@ -141,14 +145,26 @@ + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++# endif + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# endif + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c ++++ misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c ++++ sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *__unbounded newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, ++ __ptrvalue (addr)); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h ++++ sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch new file mode 100644 index 0000000..a1c9eef --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch @@ -0,0 +1,168 @@ +Add backwards compat support for gcc-3.x ssp ... older ssp versions +used __guard and __stack_smash_handler symbols while gcc-4.1 and newer +uses __stack_chk_guard and __stack_chk_fail. + +--- config.h.in ++++ config.h.in +@@ -42,6 +42,9 @@ + assembler instructions per line. Default is `;' */ + #undef ASM_LINE_SEP + ++/* Define if we want to enable support for old ssp symbols */ ++#undef ENABLE_OLD_SSP_COMPAT ++ + /* Define if not using ELF, but `.init' and `.fini' sections are available. */ + #undef HAVE_INITFINI + +--- configure ++++ configure +@@ -1378,6 +1378,9 @@ Optional Features: + --enable-kernel=VERSION compile for compatibility with kernel not older than + VERSION + --enable-all-warnings enable all useful warnings gcc can issue ++ --disable-old-ssp-compat ++ enable support for older ssp symbols ++ [default=no] + --enable-multi-arch enable single DSO with optimizations for multiple + architectures + --enable-experimental-malloc +@@ -6462,6 +6465,20 @@ fi + $as_echo "$libc_cv_ssp" >&6; } + + ++# Check whether --enable-old-ssp-compat or --disable-old-ssp-compat was given. ++if test "${enable_old_ssp_compat+set}" = set; then ++ enableval="$enable_old_ssp_compat" ++ enable_old_ssp_compat=$enableval ++else ++ enable_old_ssp_compat=no ++fi; ++if test "x$enable_old_ssp_compat" = "xyes"; then ++ cat >>confdefs.h <<\_ACEOF ++#define ENABLE_OLD_SSP_COMPAT 1 ++_ACEOF ++ ++fi ++ + { $as_echo "$as_me:$LINENO: checking for -fgnu89-inline" >&5 + $as_echo_n "checking for -fgnu89-inline... " >&6; } + if test "${libc_cv_gnu89_inline+set}" = set; then +--- configure.in ++++ configure.in +@@ -1641,6 +1641,15 @@ fi + rm -f conftest*]) + AC_SUBST(libc_cv_ssp) + ++AC_ARG_ENABLE([old-ssp-compat], ++ AC_HELP_STRING([--enable-old-ssp-compat], ++ [enable support for older ssp symbols @<:@default=no@:>@]), ++ [enable_old_ssp_compat=$enableval], ++ [enable_old_ssp_compat=no]) ++if test "x$enable_old_ssp_compat" = "xyes"; then ++ AC_DEFINE(ENABLE_OLD_SSP_COMPAT) ++fi ++ + AC_CACHE_CHECK(for -fgnu89-inline, libc_cv_gnu89_inline, [dnl + cat > conftest.c <<EOF + int foo; +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -37,6 +37,9 @@ extern void __pthread_initialize_minimal + uintptr_t __stack_chk_guard attribute_relro; + # endif + #endif ++#ifdef ENABLE_OLD_SSP_COMPAT ++uintptr_t __guard attribute_relro; ++#endif + + #ifdef HAVE_PTR_NTHREADS + /* We need atomic operations. */ +@@ -141,6 +145,9 @@ LIBC_START_MAIN (int (*main) (int, char + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random); ++#ifdef ENABLE_OLD_SSP_COMPAT ++ __guard = stack_chk_guard; ++#endif + # ifdef THREAD_SET_STACK_GUARD + THREAD_SET_STACK_GUARD (stack_chk_guard); + # else +--- csu/Versions ++++ csu/Versions +@@ -17,6 +17,12 @@ libc { + # New special glibc functions. + gnu_get_libc_release; gnu_get_libc_version; + } ++ GLIBC_2.3.2 { ++%ifdef ENABLE_OLD_SSP_COMPAT ++ # global objects and functions for the old propolice patch in gcc ++ __guard; ++%endif ++ } + GLIBC_PRIVATE { + %if HAVE___THREAD + # This version is for the TLS symbol, GLIBC_2.0 is the old object symbol. +--- debug/Versions ++++ debug/Versions +@@ -10,6 +10,12 @@ libc { + # These are to support some gcc features. + __cyg_profile_func_enter; __cyg_profile_func_exit; + } ++%ifdef ENABLE_OLD_SSP_COMPAT ++ GLIBC_2.3.2 { ++ # backwards ssp compat support; alias to __stack_chk_fail ++ __stack_smash_handler; ++ } ++%endif + GLIBC_2.3.4 { + __chk_fail; + __memcpy_chk; __memmove_chk; __mempcpy_chk; __memset_chk; __stpcpy_chk; +--- elf/rtld.c ++++ elf/rtld.c +@@ -89,6 +89,9 @@ INTDEF(_dl_argv) + in thread local area. */ + uintptr_t __stack_chk_guard attribute_relro; + #endif ++#ifdef ENABLE_OLD_SSP_COMPAT ++uintptr_t __guard attribute_relro; ++#endif + + /* Only exported for architectures that don't store the pointer guard + value in thread local area. */ +@@ -1817,6 +1821,9 @@ ERROR: ld.so: object '%s' cannot be load + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random); ++#ifdef ENABLE_OLD_SSP_COMPAT ++ __guard = stack_chk_guard; ++#endif + #ifdef THREAD_SET_STACK_GUARD + THREAD_SET_STACK_GUARD (stack_chk_guard); + #else +--- elf/Versions ++++ elf/Versions +@@ -43,6 +43,12 @@ ld { + # runtime interface to TLS + __tls_get_addr; + } ++%ifdef ENABLE_OLD_SSP_COMPAT ++ GLIBC_2.3.2 { ++ # backwards ssp compat support ++ __guard; ++ } ++%endif + GLIBC_2.4 { + # stack canary + __stack_chk_guard; +--- Versions.def ++++ Versions.def +@@ -109,6 +109,9 @@ ld { + GLIBC_2.0 + GLIBC_2.1 + GLIBC_2.3 ++%ifdef ENABLE_OLD_SSP_COMPAT ++ GLIBC_2.3.2 ++%endif + GLIBC_2.4 + GLIBC_PRIVATE + } diff --git a/sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch b/sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch new file mode 100644 index 0000000..df7292f --- /dev/null +++ b/sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch @@ -0,0 +1,40 @@ +http://bugs.gentoo.org/292139 + +2009-11-08 Magnus Granberg <zorry@ume.nu> + + * Makeconfig (+link): Set to +link-pie. + (+link-static): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prector) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) --print-file-name=crtbegin.o` +-+postctor = `$(CC) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch b/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch new file mode 100644 index 0000000..3315171 --- /dev/null +++ b/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch @@ -0,0 +1,39 @@ +2010-08-11 Magnus Granberg <zorry@ume.nu> + + #332331 + * Makeconfig (+link): Set to +link-pie. + (+link-static): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prector) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` +-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.15/glibc-2.15-localstatedir-backport.patch b/sys-libs/glibc/files/2.15/glibc-2.15-localstatedir-backport.patch new file mode 100644 index 0000000..5f8f15a --- /dev/null +++ b/sys-libs/glibc/files/2.15/glibc-2.15-localstatedir-backport.patch @@ -0,0 +1,13 @@ +Index: work/glibc-2.15/Makeconfig +=================================================================== +--- work.orig/glibc-2.15/Makeconfig ++++ work/glibc-2.15/Makeconfig +@@ -293,7 +293,7 @@ inst_sysconfdir = $(install_root)$(sysco + + # Directory for the database files and Makefile for nss_db. + ifndef vardbdir +-vardbdir = /var/db ++vardbdir = $(prefix)/var/db + endif + inst_vardbdir = $(install_root)$(vardbdir) + diff --git a/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch b/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch new file mode 100644 index 0000000..a850a61 --- /dev/null +++ b/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch @@ -0,0 +1,39 @@ +2012-11-11 Magnus Granberg <zorry@gentoo.org> + + #442712 + * Makeconfig (+link): Set to +link-pie. + (+link-static-before-libc): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prector) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` +-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch new file mode 100644 index 0000000..da4fb82 --- /dev/null +++ b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch @@ -0,0 +1,42 @@ +2012-11-11 Magnus Granberg <zorry@gentoo.org> + + #442712 + * Makeconfig (+link): Set to +link-pie. + (+link-static-before-libc): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prectorT) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` +-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + # Variants of the two previous definitions for statically linking programs. + +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o` + +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-runtime-prefix.patch b/sys-libs/glibc/files/2.17/glibc-2.17-runtime-prefix.patch new file mode 100644 index 0000000..8fc683d --- /dev/null +++ b/sys-libs/glibc/files/2.17/glibc-2.17-runtime-prefix.patch @@ -0,0 +1,162 @@ +Index: glibc-2.19/sysdeps/generic/paths.h +=================================================================== +--- glibc-2.19.orig/sysdeps/generic/paths.h ++++ glibc-2.19/sysdeps/generic/paths.h +@@ -33,43 +33,43 @@ + #define _PATHS_H_ + + /* Default search path. */ +-#define _PATH_DEFPATH "/usr/bin:/bin" ++#define _PATH_DEFPATH "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin" + /* All standard utilities path. */ + #define _PATH_STDPATH \ +- "/usr/bin:/bin:/usr/sbin:/sbin" ++ "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin:@GENTOO_PORTAGE_EPREFIX@/usr/sbin:@GENTOO_PORTAGE_EPREFIX@/sbin" + +-#define _PATH_BSHELL "/bin/sh" ++#define _PATH_BSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/sh" + #define _PATH_CONSOLE "/dev/console" +-#define _PATH_CSHELL "/bin/csh" +-#define _PATH_DEVDB "/var/run/dev.db" ++#define _PATH_CSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/csh" ++#define _PATH_DEVDB "@GENTOO_PORTAGE_EPREFIX@/var/run/dev.db" + #define _PATH_DEVNULL "/dev/null" + #define _PATH_DRUM "/dev/drum" +-#define _PATH_GSHADOW "/etc/gshadow" ++#define _PATH_GSHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/gshadow" + #define _PATH_KMEM "/dev/kmem" +-#define _PATH_LASTLOG "/var/log/lastlog" ++#define _PATH_LASTLOG "@GENTOO_PORTAGE_EPREFIX@/var/log/lastlog" + #define _PATH_MAILDIR "/var/mail" +-#define _PATH_MAN "/usr/share/man" ++#define _PATH_MAN "@GENTOO_PORTAGE_EPREFIX@/usr/share/man" + #define _PATH_MEM "/dev/mem" +-#define _PATH_MNTTAB "/etc/fstab" +-#define _PATH_MOUNTED "/var/run/mtab" +-#define _PATH_NOLOGIN "/etc/nologin" +-#define _PATH_PRESERVE "/var/lib" +-#define _PATH_RWHODIR "/var/spool/rwho" +-#define _PATH_SENDMAIL "/usr/sbin/sendmail" +-#define _PATH_SHADOW "/etc/shadow" +-#define _PATH_SHELLS "/etc/shells" ++#define _PATH_MNTTAB "@GENTOO_PORTAGE_EPREFIX@/etc/fstab" ++#define _PATH_MOUNTED "@GENTOO_PORTAGE_EPREFIX@/var/run/mtab" ++#define _PATH_NOLOGIN "@GENTOO_PORTAGE_EPREFIX@/etc/nologin" ++#define _PATH_PRESERVE "@GENTOO_PORTAGE_EPREFIX@/var/lib" ++#define _PATH_RWHODIR "@GENTOO_PORTAGE_EPREFIX@/var/spool/rwho" ++#define _PATH_SENDMAIL "@GENTOO_PORTAGE_EPREFIX@/usr/sbin/sendmail" ++#define _PATH_SHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/shadow" ++#define _PATH_SHELLS "@GENTOO_PORTAGE_EPREFIX@/etc/shells" + #define _PATH_TTY "/dev/tty" + #define _PATH_UNIX "/vmunix" +-#define _PATH_UTMP "/var/run/utmp" +-#define _PATH_UTMP_DB "/var/run/utmp.db" +-#define _PATH_VI "/usr/bin/vi" ++#define _PATH_UTMP "@GENTOO_PORTAGE_EPREFIX@/var/run/utmp" ++#define _PATH_UTMP_DB "@GENTOO_PORTAGE_EPREFIX@/var/run/utmp.db" ++#define _PATH_VI "@GENTOO_PORTAGE_EPREFIX@/usr/bin/vi" + #define _PATH_WTMP "/var/log/wtmp" + + /* Provide trailing slash, since mostly used for building pathnames. */ + #define _PATH_DEV "/dev/" + #define _PATH_TMP "/tmp/" +-#define _PATH_VARDB "/var/db/" +-#define _PATH_VARRUN "/var/run/" ++#define _PATH_VARDB "@GENTOO_PORTAGE_EPREFIX@/var/db/" ++#define _PATH_VARRUN "@GENTOO_PORTAGE_EPREFIX@/var/run/" + #define _PATH_VARTMP "/var/tmp/" + + #endif /* !_PATHS_H_ */ +Index: glibc-2.19/sysdeps/unix/sysv/linux/paths.h +=================================================================== +--- glibc-2.19.orig/sysdeps/unix/sysv/linux/paths.h ++++ glibc-2.19/sysdeps/unix/sysv/linux/paths.h +@@ -33,43 +33,43 @@ + #define _PATHS_H_ + + /* Default search path. */ +-#define _PATH_DEFPATH "/usr/bin:/bin" ++#define _PATH_DEFPATH "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin" + /* All standard utilities path. */ + #define _PATH_STDPATH \ +- "/usr/bin:/bin:/usr/sbin:/sbin" ++ "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin:@GENTOO_PORTAGE_EPREFIX@/usr/sbin:@GENTOO_PORTAGE_EPREFIX@/sbin" + +-#define _PATH_BSHELL "/bin/sh" ++#define _PATH_BSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/sh" + #define _PATH_CONSOLE "/dev/console" +-#define _PATH_CSHELL "/bin/csh" +-#define _PATH_DEVDB "/var/run/dev.db" ++#define _PATH_CSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/csh" ++#define _PATH_DEVDB "@GENTOO_PORTAGE_EPREFIX@/var/run/dev.db" + #define _PATH_DEVNULL "/dev/null" + #define _PATH_DRUM "/dev/drum" +-#define _PATH_GSHADOW "/etc/gshadow" ++#define _PATH_GSHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/gshadow" + #define _PATH_KLOG "/proc/kmsg" + #define _PATH_KMEM "/dev/kmem" + #define _PATH_LASTLOG "/var/log/lastlog" + #define _PATH_MAILDIR "/var/mail" +-#define _PATH_MAN "/usr/share/man" ++#define _PATH_MAN "@GENTOO_PORTAGE_EPREFIX@/usr/share/man" + #define _PATH_MEM "/dev/mem" +-#define _PATH_MNTTAB "/etc/fstab" +-#define _PATH_MOUNTED "/etc/mtab" +-#define _PATH_NOLOGIN "/etc/nologin" +-#define _PATH_PRESERVE "/var/lib" +-#define _PATH_RWHODIR "/var/spool/rwho" +-#define _PATH_SENDMAIL "/usr/sbin/sendmail" +-#define _PATH_SHADOW "/etc/shadow" +-#define _PATH_SHELLS "/etc/shells" ++#define _PATH_MNTTAB "@GENTOO_PORTAGE_EPREFIX@/etc/fstab" ++#define _PATH_MOUNTED "@GENTOO_PORTAGE_EPREFIX@/etc/mtab" ++#define _PATH_NOLOGIN "@GENTOO_PORTAGE_EPREFIX@/etc/nologin" ++#define _PATH_PRESERVE "@GENTOO_PORTAGE_EPREFIX@/var/lib" ++#define _PATH_RWHODIR "@GENTOO_PORTAGE_EPREFIX@/var/spool/rwho" ++#define _PATH_SENDMAIL "@GENTOO_PORTAGE_EPREFIX@/usr/sbin/sendmail" ++#define _PATH_SHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/shadow" ++#define _PATH_SHELLS "@GENTOO_PORTAGE_EPREFIX@/etc/shells" + #define _PATH_TTY "/dev/tty" + #define _PATH_UNIX "/boot/vmlinux" +-#define _PATH_UTMP "/var/run/utmp" +-#define _PATH_VI "/usr/bin/vi" ++#define _PATH_UTMP "@GENTOO_PORTAGE_EPREFIX@/var/run/utmp" ++#define _PATH_VI "@GENTOO_PORTAGE_EPREFIX@/usr/bin/vi" + #define _PATH_WTMP "/var/log/wtmp" + + /* Provide trailing slash, since mostly used for building pathnames. */ + #define _PATH_DEV "/dev/" + #define _PATH_TMP "/tmp/" +-#define _PATH_VARDB "/var/db/" +-#define _PATH_VARRUN "/var/run/" ++#define _PATH_VARDB "@GENTOO_PORTAGE_EPREFIX@/var/db/" ++#define _PATH_VARRUN "@GENTOO_PORTAGE_EPREFIX@/var/run/" + #define _PATH_VARTMP "/var/tmp/" + + #endif /* !_PATHS_H_ */ +Index: glibc-2.19/sysdeps/posix/system.c +=================================================================== +--- glibc-2.19.orig/sysdeps/posix/system.c ++++ glibc-2.19/sysdeps/posix/system.c +@@ -26,7 +26,7 @@ + #include <sysdep-cancel.h> + + +-#define SHELL_PATH "/bin/sh" /* Path of the shell. */ ++#define SHELL_PATH "@GENTOO_PORTAGE_EPREFIX@/bin/sh" /* Path of the shell. */ + #define SHELL_NAME "sh" /* Name to give it. */ + + +Index: glibc-2.19/libio/iopopen.c +=================================================================== +--- glibc-2.19.orig/libio/iopopen.c ++++ glibc-2.19/libio/iopopen.c +@@ -222,7 +222,7 @@ _IO_new_proc_open (fp, command, mode) + _IO_close (fd); + } + +- _IO_execl ("/bin/sh", "sh", "-c", command, (char *) 0); ++ _IO_execl ("@GENTOO_PORTAGE_EPREFIX@/bin/sh", "sh", "-c", command, (char *) 0); + _IO__exit (127); + } + _IO_close (child_end); diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-shadow-prefix.patch b/sys-libs/glibc/files/2.17/glibc-2.17-shadow-prefix.patch new file mode 100644 index 0000000..0e3979c --- /dev/null +++ b/sys-libs/glibc/files/2.17/glibc-2.17-shadow-prefix.patch @@ -0,0 +1,33 @@ +Index: shadow/Makefile +=================================================================== +--- shadow/Makefile.orig ++++ shadow/Makefile +@@ -20,6 +20,8 @@ + # + subdir := shadow + ++include ../Makeconfig ++ + headers = shadow.h + routines = getspent getspnam sgetspent fgetspent putspent \ + getspent_r getspnam_r sgetspent_r fgetspent_r \ +@@ -34,5 +36,6 @@ CFLAGS-fgetspent_r.c = -fexceptions $(li + CFLAGS-putspent.c = -fexceptions $(libio-mtsafe) + CFLAGS-getspnam.c = -fexceptions + CFLAGS-getspnam_r.c = -fexceptions ++CPPFLAGS-lckpwdf.c = -DSYSCONFDIR='"$(sysconfdir)"' + + include ../Rules +Index: shadow/lckpwdf.c +=================================================================== +--- shadow/lckpwdf.c.orig ++++ shadow/lckpwdf.c +@@ -29,7 +29,7 @@ + + + /* Name of the lock file. */ +-#define PWD_LOCKFILE "/etc/.pwd.lock" ++#define PWD_LOCKFILE SYSCONFDIR "/.pwd.lock" + + /* How long to wait for getting the lock before returning with an + error. */ diff --git a/sys-libs/glibc/files/2.17/locale-gen_prefix.patch b/sys-libs/glibc/files/2.17/locale-gen_prefix.patch new file mode 100644 index 0000000..f378605 --- /dev/null +++ b/sys-libs/glibc/files/2.17/locale-gen_prefix.patch @@ -0,0 +1,77 @@ +bug #473484 +Index: work/extra/locale/locale-gen +=================================================================== +--- work.orig/extra/locale/locale-gen ++++ work/extra/locale/locale-gen +@@ -8,7 +8,13 @@ unset POSIXLY_CORRECT IFS + umask 0022 + + argv0=${0##*/} +-source /etc/init.d/functions.sh || { ++ ++EPREFIX="@GENTOO_PORTAGE_EPREFIX@" ++if [[ ${EPREFIX} == "@"GENTOO_PORTAGE_EPREFIX"@" ]] ; then ++ EPREFIX="" ++fi ++ ++source "${EPREFIX}"/etc/init.d/functions.sh || { + echo "${argv0}: Could not source /etc/init.d/functions.sh!" 1>&2 + exit 1 + } +@@ -97,13 +103,14 @@ if [[ -n ${DESTDIR} ]] && [[ ${ROOT} != + eerror "DESTDIR and ROOT are mutually exclusive options" + exit 1 + fi +-if [[ ${ROOT} != "/" ]] ; then +- einfo "Using locale.gen from ROOT ${ROOT}etc/" ++: ${EROOT:="${ROOT%/}${EPREFIX}/"} ++if [[ ${EROOT} != "/" ]] ; then ++ einfo "Using locale.gen from ROOT ${EROOT}etc/" + fi + if [[ -n ${DESTDIR} ]] ; then + einfo "Building locales in DESTDIR '${DESTDIR}'" + else +- DESTDIR=${ROOT} ++ DESTDIR=${EROOT} + fi + + # XXX: should fix this ... +@@ -112,7 +119,7 @@ if [[ ${ROOT} != "/" ]] ; then + exit 0 + fi + +-: ${CONFIG:=${ROOT}etc/locale.gen} ++: ${CONFIG:=${EROOT}etc/locale.gen} + LOCALES=${DESTDIR}usr/share/i18n/locales + CHARMAPS=${DESTDIR}usr/share/i18n/charmaps + SUPPORTED=${DESTDIR}usr/share/i18n/SUPPORTED +@@ -150,7 +157,10 @@ fi + + # Extract the location of the locale dir on the fly as `localedef --help` has: + # locale path : /usr/lib64/locale:/usr/share/i18n +-LOCALEDIR=${DESTDIR}$(LC_ALL="C" "${DESTDIR}"usr/bin/localedef --help | sed -n -e '/locale path/{s|.* : ||;s|:.*||;p}') ++# For long paths, the line may get wrapped into two, in which case space (' ') is replaced ++# by newline (\n). ++LOCALEDIR=$(LC_ALL="C" "${DESTDIR}"usr/bin/localedef --help | sed -n -r '/locale path/{N;s|.*:[ \n](.*):/.*|\1|;p}') ++LOCALEDIR="${DESTDIR}${LOCALEDIR#${EPREFIX}}" + if [[ $? -ne 0 ]] || [[ -z ${LOCALEDIR} ]] || [[ ${LOCALEDIR} != ${DESTDIR}/usr/lib*/locale ]] ; then + eerror "Unable to parse the output of your localedef utility." 1>&2 + eerror "File a bug about this issue and include the output of 'localedef --help'." 1>&2 +@@ -160,7 +170,7 @@ fi + + + if [[ ${QUIET} -eq 0 ]] && [[ -z ${JUST_LIST} ]] && \ +- [[ -e ${ROOT}etc/locales.build ]] ++ [[ -e ${EROOT}etc/locales.build ]] + then + ewarn "You should upgrade your /etc/locales.build to /etc/locale.gen" + ewarn "and then remove /etc/locales.build when you're done.\n" +@@ -280,7 +290,7 @@ generate_locale() { + -i "${input}" \ + -f "${charmap}" \ + -A "${ALIAS}" \ +- --prefix "${DESTDIR}" \ ++ --prefix "${DESTDIR%${EPREFIX}/}/" \ + "${locale}" 2>&1 + ret=$? + [[ -n ${output} ]] && eend ${ret} diff --git a/sys-libs/glibc/files/2.17/vdso-disable.patch b/sys-libs/glibc/files/2.17/vdso-disable.patch new file mode 100644 index 0000000..0354ae9 --- /dev/null +++ b/sys-libs/glibc/files/2.17/vdso-disable.patch @@ -0,0 +1,34 @@ +Index: work/glibc-2.17/elf/dl-support.c +=================================================================== +--- work.orig/glibc-2.17/elf/dl-support.c ++++ work/glibc-2.17/elf/dl-support.c +@@ -212,16 +212,6 @@ _dl_aux_init (ElfW(auxv_t) *av) + case AT_HWCAP: + GLRO(dl_hwcap) = (unsigned long int) av->a_un.a_val; + break; +-#ifdef NEED_DL_SYSINFO +- case AT_SYSINFO: +- GL(dl_sysinfo) = av->a_un.a_val; +- break; +-#endif +-#if defined NEED_DL_SYSINFO || defined NEED_DL_SYSINFO_DSO +- case AT_SYSINFO_EHDR: +- GL(dl_sysinfo_dso) = (void *) av->a_un.a_val; +- break; +-#endif + case AT_UID: + uid ^= av->a_un.a_val; + seen |= 1; +Index: work/glibc-2.17/elf/setup-vdso.h +=================================================================== +--- work.orig/glibc-2.17/elf/setup-vdso.h ++++ work/glibc-2.17/elf/setup-vdso.h +@@ -20,7 +20,7 @@ static inline void __attribute__ ((alway + setup_vdso (struct link_map *main_map __attribute__ ((unused)), + struct link_map ***first_preload __attribute__ ((unused))) + { +-#if defined NEED_DL_SYSINFO || defined NEED_DL_SYSINFO_DSO ++#if 0 + if (GLRO(dl_sysinfo_dso) == NULL) + return; + diff --git a/sys-libs/glibc/files/2.17/vdso.patch b/sys-libs/glibc/files/2.17/vdso.patch new file mode 100644 index 0000000..eb9a492 --- /dev/null +++ b/sys-libs/glibc/files/2.17/vdso.patch @@ -0,0 +1,17 @@ +Index: glibc-2.17/sysdeps/unix/sysv/linux/x86_64/gettimeofday.c +=================================================================== +--- glibc-2.17.orig/sysdeps/unix/sysv/linux/x86_64/gettimeofday.c ++++ glibc-2.17/sysdeps/unix/sysv/linux/x86_64/gettimeofday.c +@@ -28,11 +28,7 @@ void *gettimeofday_ifunc (void) __asm__ + void * + gettimeofday_ifunc (void) + { +- PREPARE_VERSION (linux26, "LINUX_2.6", 61765110); +- +- /* If the vDSO is not available we fall back on the old vsyscall. */ +- return (_dl_vdso_vsym ("__vdso_gettimeofday", &linux26) +- ?: (void *) VSYSCALL_ADDR_vgettimeofday); ++ return (void *) VSYSCALL_ADDR_vgettimeofday; + } + asm (".type __gettimeofday, %gnu_indirect_function"); + diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-configurable-paths.patch b/sys-libs/glibc/files/2.19/glibc-2.19-configurable-paths.patch new file mode 100644 index 0000000..1cf906a --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-configurable-paths.patch @@ -0,0 +1,2115 @@ +Index: glibc-2.19/nis/Makefile +=================================================================== +--- glibc-2.19.orig/nis/Makefile ++++ glibc-2.19/nis/Makefile +@@ -58,6 +58,11 @@ libnsl-routines = yp_xdr ypclnt ypupdate + nis_clone_res nss-default + + libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) ++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"' ++CPPFLAGS-compat-grp.c = $(SYSCONF-FLAGS) ++CPPFLAGS-compat-pwd.c = $(SYSCONF-FLAGS) ++CPPFLAGS-compat-spwd.c = $(SYSCONF-FLAGS) ++CPPFLAGS-compat-initgroups.c = $(SYSCONF-FLAGS) + libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) + + libnss_nis-routines := $(addprefix nis-,$(databases)) nis-initgroups \ +Index: glibc-2.19/nis/nss_compat/compat-grp.c +=================================================================== +--- glibc-2.19.orig/nis/nss_compat/compat-grp.c ++++ glibc-2.19/nis/nss_compat/compat-grp.c +@@ -120,7 +120,7 @@ internal_setgrent (ent_t *ent, int stayo + + if (ent->stream == NULL) + { +- ent->stream = fopen ("/etc/group", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/group", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.19/nis/nss_compat/compat-initgroups.c +=================================================================== +--- glibc-2.19.orig/nis/nss_compat/compat-initgroups.c ++++ glibc-2.19/nis/nss_compat/compat-initgroups.c +@@ -136,7 +136,7 @@ internal_setgrent (ent_t *ent) + else + ent->blacklist.current = 0; + +- ent->stream = fopen ("/etc/group", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/group", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.19/nis/nss_compat/compat-pwd.c +=================================================================== +--- glibc-2.19.orig/nis/nss_compat/compat-pwd.c ++++ glibc-2.19/nis/nss_compat/compat-pwd.c +@@ -235,7 +235,7 @@ internal_setpwent (ent_t *ent, int stayo + + if (ent->stream == NULL) + { +- ent->stream = fopen ("/etc/passwd", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/passwd", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.19/nis/nss_compat/compat-spwd.c +=================================================================== +--- glibc-2.19.orig/nis/nss_compat/compat-spwd.c ++++ glibc-2.19/nis/nss_compat/compat-spwd.c +@@ -191,7 +191,7 @@ internal_setspent (ent_t *ent, int stayo + + if (ent->stream == NULL) + { +- ent->stream = fopen ("/etc/shadow", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/shadow", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.19/nss/Makefile +=================================================================== +--- glibc-2.19.orig/nss/Makefile ++++ glibc-2.19/nss/Makefile +@@ -39,6 +39,8 @@ extra-objs += $(makedb-modules:=.o) + + tests = test-netdb tst-nss-test1 test-digits-dots + xtests = bug-erange ++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"' ++CPPFLAGS-bug-erange.c = $(SYSCONF-FLAGS) + + include ../Makeconfig + +@@ -57,6 +59,8 @@ vpath %.c $(subdir-dirs) ../locale/progr + + libnss_files-routines := $(addprefix files-,$(databases)) \ + files-initgroups files-have_o_cloexec files-init ++CPPFLAGS-files-init.c = $(SYSCONF-FLAGS) ++CPPFLAGS-files-initgroups.c = $(SYSCONF-FLAGS) + + libnss_db-dbs := $(addprefix db-,\ + $(filter-out hosts network key alias,\ +@@ -102,7 +106,7 @@ $(libnss_db-dbs:%=$(objpfx)%.c): $(objpf + + $(objpfx)makedb: $(makedb-modules:%=$(objpfx)%.o) + +-$(inst_vardbdir)/Makefile: db-Makefile $(+force) ++$(inst_vardbdir)/Makefile: $(objpfx)db-Makefile $(+force) + $(do-install) + + CFLAGS-nss_test1.c = -DNOT_IN_libc=1 +Index: glibc-2.19/nss/bug-erange.c +=================================================================== +--- glibc-2.19.orig/nss/bug-erange.c ++++ glibc-2.19/nss/bug-erange.c +@@ -37,7 +37,7 @@ main (void) + { + printf ("gethostbyname_r failed: %s (errno: %m)\n", strerror (res)); + +- if (access ("/etc/resolv.conf", R_OK)) ++ if (access (SYSCONFDIR "/resolv.conf", R_OK)) + { + puts ("DNS probably not set up"); + return 0; +Index: glibc-2.19/nss/nss_files/files-init.c +=================================================================== +--- glibc-2.19.orig/nss/nss_files/files-init.c ++++ glibc-2.19/nss/nss_files/files-init.c +@@ -35,33 +35,33 @@ static union \ + } \ + } + +-TF (pwd, "/etc/passwd"); +-TF (grp, "/etc/group"); +-TF (hst, "/etc/hosts"); +-TF (resolv, "/etc/resolv.conf", .call_res_init = 1); +-TF (serv, "/etc/services"); +-TF (netgr, "/etc/netgroup"); ++TF (pwd, SYSCONFDIR "/passwd"); ++TF (grp, SYSCONFDIR "/group"); ++TF (hst, SYSCONFDIR "/hosts"); ++TF (resolv, SYSCONFDIR "/resolv.conf", .call_res_init = 1); ++TF (serv, SYSCONFDIR "/services"); ++TF (netgr, SYSCONFDIR "/netgroup"); + + + void + _nss_files_init (void (*cb) (size_t, struct traced_file *)) + { +- strcpy (pwd_traced_file.file.fname, "/etc/passwd"); ++ strcpy (pwd_traced_file.file.fname, SYSCONFDIR "/passwd"); + cb (pwddb, &pwd_traced_file.file); + +- strcpy (grp_traced_file.file.fname, "/etc/group"); ++ strcpy (grp_traced_file.file.fname, SYSCONFDIR "/group"); + cb (grpdb, &grp_traced_file.file); + +- strcpy (hst_traced_file.file.fname, "/etc/hosts"); ++ strcpy (hst_traced_file.file.fname, SYSCONFDIR "/hosts"); + cb (hstdb, &hst_traced_file.file); + +- strcpy (resolv_traced_file.file.fname, "/etc/resolv.conf"); ++ strcpy (resolv_traced_file.file.fname, SYSCONFDIR "/resolv.conf"); + cb (hstdb, &resolv_traced_file.file); + +- strcpy (serv_traced_file.file.fname, "/etc/services"); ++ strcpy (serv_traced_file.file.fname, SYSCONFDIR "/services"); + cb (servdb, &serv_traced_file.file); + +- strcpy (netgr_traced_file.file.fname, "/etc/netgroup"); ++ strcpy (netgr_traced_file.file.fname, SYSCONFDIR "/netgroup"); + cb (netgrdb, &netgr_traced_file.file); + } + +Index: glibc-2.19/nss/nss_files/files-initgroups.c +=================================================================== +--- glibc-2.19.orig/nss/nss_files/files-initgroups.c ++++ glibc-2.19/nss/nss_files/files-initgroups.c +@@ -31,7 +31,7 @@ _nss_files_initgroups_dyn (const char *u + long int *size, gid_t **groupsp, long int limit, + int *errnop) + { +- FILE *stream = fopen ("/etc/group", "rce"); ++ FILE *stream = fopen (SYSCONFDIR "/group", "rce"); + if (stream == NULL) + { + *errnop = errno; +Index: glibc-2.19/nss/db-Makefile +=================================================================== +--- glibc-2.19.orig/nss/db-Makefile ++++ /dev/null +@@ -1,166 +0,0 @@ +-# Makefile to (re-)generate db versions of system database files. +-# Copyright (C) 1996-2014 Free Software Foundation, Inc. +-# This file is part of the GNU C Library. +-# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996. +-# +- +-# The GNU C Library is free software; you can redistribute it and/or +-# modify it under the terms of the GNU Lesser General Public +-# License as published by the Free Software Foundation; either +-# version 2.1 of the License, or (at your option) any later version. +- +-# The GNU C Library is distributed in the hope that it will be useful, +-# but WITHOUT ANY WARRANTY; without even the implied warranty of +-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +-# Lesser General Public License for more details. +- +-# You should have received a copy of the GNU Lesser General Public +-# License along with the GNU C Library; if not, see +-# <http://www.gnu.org/licenses/>. +- +-DATABASES = $(wildcard /etc/passwd /etc/group /etc/ethers /etc/protocols \ +- /etc/rpc /etc/services /etc/shadow /etc/gshadow \ +- /etc/netgroup) +- +-VAR_DB = /var/db +- +-AWK = awk +-MAKEDB = makedb --quiet +- +-all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES))) +- +- +-$(VAR_DB)/passwd.db: /etc/passwd +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$3; print }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/group.db: /etc/group +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$3; print; \ +- if ($$4 != "") { \ +- split($$4, grmems, ","); \ +- for (memidx in grmems) { \ +- mem=grmems[memidx]; \ +- if (members[mem] == "") \ +- members[mem]=$$3; \ +- else \ +- members[mem]=members[mem] "," $$3; \ +- } \ +- delete grmems; } } \ +- END { for (mem in members) \ +- printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/ethers.db: /etc/ethers +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) '/^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$2; print }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/protocols.db: /etc/protocols +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) '/^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$2; print; \ +- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ +- { printf ".%s ", $$i; print } }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/rpc.db: /etc/rpc +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) '/^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$2; print; \ +- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ +- { printf ".%s ", $$i; print } }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/services.db: /etc/services +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS="[ \t/]+" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { sub(/[ \t]*#.*$$/, "");\ +- printf ":%s/%s ", $$1, $$3; print; \ +- printf ":%s/ ", $$1; print; \ +- printf "=%s/%s ", $$2, $$3; print; \ +- printf "=%s/ ", $$2; print; \ +- for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \ +- { printf ":%s/%s ", $$i, $$3; print; \ +- printf ":%s/ ", $$i; print } }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/shadow.db: /etc/shadow +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ +- (umask 077 && $(MAKEDB) -o $@ -) +- @echo "done." +- @if chgrp shadow $@ 2>/dev/null; then \ +- chmod g+r $@; \ +- else \ +- chown 0 $@; chgrp 0 $@; chmod 600 $@; \ +- echo; \ +- echo "Warning: The shadow password database $@"; \ +- echo "has been set to be readable only by root. You may want"; \ +- echo "to make it readable by the \`shadow' group depending"; \ +- echo "on your configuration."; \ +- echo; \ +- fi +- +-$(VAR_DB)/gshadow.db: /etc/gshadow +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ +- (umask 077 && $(MAKEDB) -o $@ -) +- @echo "done." +- @if chgrp shadow $@ 2>/dev/null; then \ +- chmod g+r $@; \ +- else \ +- chown 0 $@; chgrp 0 $@; chmod 600 $@; \ +- echo; \ +- echo "Warning: The shadow group database $@"; \ +- echo "has been set to be readable only by root. You may want"; \ +- echo "to make it readable by the \`shadow' group depending"; \ +- echo "on your configuration."; \ +- echo; \ +- fi +- +-$(VAR_DB)/netgroup.db: /etc/netgroup +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { ini=1 } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \ +- else end=""; \ +- gsub(/[ \t]+/, " "); \ +- sub(/^[ \t]*/, ""); \ +- if (ini == 0) printf "%s%s", $$0, end; \ +- else printf ".%s %s%s", $$1, $$0, end; \ +- ini=end == "" ? 0 : 1; } \ +- END { if (ini==0) printf "\n" }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +Index: glibc-2.19/nss/db-Makefile.in +=================================================================== +--- /dev/null ++++ glibc-2.19/nss/db-Makefile.in +@@ -0,0 +1,173 @@ ++ ++# Makefile to (re-)generate db versions of system database files. ++# Copyright (C) 1996-2014 Free Software Foundation, Inc. ++# This file is part of the GNU C Library. ++# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996. ++# ++ ++# The GNU C Library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2.1 of the License, or (at your option) any later version. ++ ++# The GNU C Library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++ ++# You should have received a copy of the GNU Lesser General Public ++# License along with the GNU C Library; if not, see ++# <http://www.gnu.org/licenses/>. ++ ++DATABASES = $(wildcard @libc_cv_sysconfdir@/passwd \ ++ @libc_cv_sysconfdir@/group \ ++ @libc_cv_sysconfdir@/ethers \ ++ @libc_cv_sysconfdir@/protocols \ ++ @libc_cv_sysconfdir@/rpc \ ++ @libc_cv_sysconfdir@/services \ ++ @libc_cv_sysconfdir@/shadow \ ++ @libc_cv_sysconfdir@/gshadow \ ++ @libc_cv_sysconfdir@/netgroup) ++ ++VAR_DB = /var/db ++ ++AWK = awk ++MAKEDB = makedb --quiet ++ ++all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES))) ++ ++ ++$(VAR_DB)/passwd.db: @libc_cv_sysconfdir@/passwd ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$3; print }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/group.db: @libc_cv_sysconfdir@/group ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$3; print; \ ++ if ($$4 != "") { \ ++ split($$4, grmems, ","); \ ++ for (memidx in grmems) { \ ++ mem=grmems[memidx]; \ ++ if (members[mem] == "") \ ++ members[mem]=$$3; \ ++ else \ ++ members[mem]=members[mem] "," $$3; \ ++ } \ ++ delete grmems; } } \ ++ END { for (mem in members) \ ++ printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/ethers.db: @libc_cv_sysconfdir@/ethers ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) '/^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$2; print }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/protocols.db: @libc_cv_sysconfdir@/protocols ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) '/^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$2; print; \ ++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ ++ { printf ".%s ", $$i; print } }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/rpc.db: @libc_cv_sysconfdir@/rpc ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) '/^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$2; print; \ ++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ ++ { printf ".%s ", $$i; print } }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/services.db: @libc_cv_sysconfdir@/services ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS="[ \t/]+" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { sub(/[ \t]*#.*$$/, "");\ ++ printf ":%s/%s ", $$1, $$3; print; \ ++ printf ":%s/ ", $$1; print; \ ++ printf "=%s/%s ", $$2, $$3; print; \ ++ printf "=%s/ ", $$2; print; \ ++ for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \ ++ { printf ":%s/%s ", $$i, $$3; print; \ ++ printf ":%s/ ", $$i; print } }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/shadow.db: @libc_cv_sysconfdir@/shadow ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ ++ (umask 077 && $(MAKEDB) -o $@ -) ++ @echo "done." ++ @if chgrp shadow $@ 2>/dev/null; then \ ++ chmod g+r $@; \ ++ else \ ++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \ ++ echo; \ ++ echo "Warning: The shadow password database $@"; \ ++ echo "has been set to be readable only by root. You may want"; \ ++ echo "to make it readable by the \`shadow' group depending"; \ ++ echo "on your configuration."; \ ++ echo; \ ++ fi ++ ++$(VAR_DB)/gshadow.db: @libc_cv_sysconfdir@/gshadow ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ ++ (umask 077 && $(MAKEDB) -o $@ -) ++ @echo "done." ++ @if chgrp shadow $@ 2>/dev/null; then \ ++ chmod g+r $@; \ ++ else \ ++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \ ++ echo; \ ++ echo "Warning: The shadow group database $@"; \ ++ echo "has been set to be readable only by root. You may want"; \ ++ echo "to make it readable by the \`shadow' group depending"; \ ++ echo "on your configuration."; \ ++ echo; \ ++ fi ++ ++$(VAR_DB)/netgroup.db: @libc_cv_sysconfdir@/netgroup ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { ini=1 } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \ ++ else end=""; \ ++ gsub(/[ \t]+/, " "); \ ++ sub(/^[ \t]*/, ""); \ ++ if (ini == 0) printf "%s%s", $$0, end; \ ++ else printf ".%s %s%s", $$1, $$0, end; \ ++ ini=end == "" ? 0 : 1; } \ ++ END { if (ini==0) printf "\n" }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." +Index: glibc-2.19/resolv/netdb.h +=================================================================== +--- glibc-2.19.orig/resolv/netdb.h ++++ glibc-2.19/resolv/netdb.h +@@ -42,12 +42,12 @@ + #include <bits/netdb.h> + + /* Absolute file name for network data base files. */ +-#define _PATH_HEQUIV "/etc/hosts.equiv" +-#define _PATH_HOSTS "/etc/hosts" +-#define _PATH_NETWORKS "/etc/networks" +-#define _PATH_NSSWITCH_CONF "/etc/nsswitch.conf" +-#define _PATH_PROTOCOLS "/etc/protocols" +-#define _PATH_SERVICES "/etc/services" ++#define _PATH_HEQUIV SYSCONFDIR "/hosts.equiv" ++#define _PATH_HOSTS SYSCONFDIR "/hosts" ++#define _PATH_NETWORKS SYSCONFDIR "/networks" ++#define _PATH_NSSWITCH_CONF SYSCONFDIR "/nsswitch.conf" ++#define _PATH_PROTOCOLS SYSCONFDIR "/protocols" ++#define _PATH_SERVICES SYSCONFDIR "/services" + + + __BEGIN_DECLS +Index: glibc-2.19/resolv/resolv.h +=================================================================== +--- glibc-2.19.orig/resolv/resolv.h ++++ /dev/null +@@ -1,389 +0,0 @@ +-/* +- * Copyright (c) 1983, 1987, 1989 +- * The Regents of the University of California. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 4. Neither the name of the University nor the names of its contributors +- * may be used to endorse or promote products derived from this software +- * without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- */ +- +-/* +- * Portions Copyright (c) 1996-1999 by Internet Software Consortium. +- * +- * Permission to use, copy, modify, and distribute this software for any +- * purpose with or without fee is hereby granted, provided that the above +- * copyright notice and this permission notice appear in all copies. +- * +- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS +- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE +- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR +- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +- * SOFTWARE. +- */ +- +-/* +- * @(#)resolv.h 8.1 (Berkeley) 6/2/93 +- * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $ +- */ +- +-#ifndef _RESOLV_H_ +- +-/* These headers are needed for types used in the `struct res_state' +- declaration. */ +-#include <sys/types.h> +-#include <netinet/in.h> +- +-#ifndef __need_res_state +-# define _RESOLV_H_ +- +-# include <sys/param.h> +-# include <sys/cdefs.h> +-# include <stdio.h> +-# include <arpa/nameser.h> +-#endif +- +-#ifndef __res_state_defined +-# define __res_state_defined +- +-typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error } +- res_sendhookact; +- +-typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns, +- const u_char **__query, +- int *__querylen, +- u_char *__ans, +- int __anssiz, +- int *__resplen); +- +-typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns, +- const u_char *__query, +- int __querylen, +- u_char *__ans, +- int __anssiz, +- int *__resplen); +- +-/* +- * Global defines and variables for resolver stub. +- */ +-# define MAXNS 3 /* max # name servers we'll track */ +-# define MAXDFLSRCH 3 /* # default domain levels to try */ +-# define MAXDNSRCH 6 /* max # domains in search path */ +-# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */ +- +-# define RES_TIMEOUT 5 /* min. seconds between retries */ +-# define MAXRESOLVSORT 10 /* number of net to sort on */ +-# define RES_MAXNDOTS 15 /* should reflect bit field size */ +-# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */ +-# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */ +-# define RES_DFLRETRY 2 /* Default #/tries. */ +-# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */ +- +-struct __res_state { +- int retrans; /* retransmition time interval */ +- int retry; /* number of times to retransmit */ +- u_long options; /* option flags - see below. */ +- int nscount; /* number of name servers */ +- struct sockaddr_in +- nsaddr_list[MAXNS]; /* address of name server */ +-# define nsaddr nsaddr_list[0] /* for backward compatibility */ +- u_short id; /* current message id */ +- /* 2 byte hole here. */ +- char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ +- char defdname[256]; /* default domain (deprecated) */ +- u_long pfcode; /* RES_PRF_ flags - see below. */ +- unsigned ndots:4; /* threshold for initial abs. query */ +- unsigned nsort:4; /* number of elements in sort_list[] */ +- unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */ +- unsigned unused:23; +- struct { +- struct in_addr addr; +- u_int32_t mask; +- } sort_list[MAXRESOLVSORT]; +- /* 4 byte hole here on 64-bit architectures. */ +- res_send_qhook qhook; /* query hook */ +- res_send_rhook rhook; /* response hook */ +- int res_h_errno; /* last one set for this context */ +- int _vcsock; /* PRIVATE: for res_send VC i/o */ +- u_int _flags; /* PRIVATE: see below */ +- /* 4 byte hole here on 64-bit architectures. */ +- union { +- char pad[52]; /* On an i386 this means 512b total. */ +- struct { +- u_int16_t nscount; +- u_int16_t nsmap[MAXNS]; +- int nssocks[MAXNS]; +- u_int16_t nscount6; +- u_int16_t nsinit; +- struct sockaddr_in6 *nsaddrs[MAXNS]; +-#ifdef _LIBC +- unsigned long long int initstamp +- __attribute__((packed)); +-#else +- unsigned int _initstamp[2]; +-#endif +- } _ext; +- } _u; +-}; +- +-typedef struct __res_state *res_state; +-# undef __need_res_state +-#endif +- +-#ifdef _RESOLV_H_ +-/* +- * Revision information. This is the release date in YYYYMMDD format. +- * It can change every day so the right thing to do with it is use it +- * in preprocessor commands such as "#if (__RES > 19931104)". Do not +- * compare for equality; rather, use it to determine whether your resolver +- * is new enough to contain a certain feature. +- */ +- +-#define __RES 19991006 +- +-/* +- * Resolver configuration file. +- * Normally not present, but may contain the address of the +- * inital name server(s) to query and the domain search list. +- */ +- +-#ifndef _PATH_RESCONF +-#define _PATH_RESCONF "/etc/resolv.conf" +-#endif +- +-struct res_sym { +- int number; /* Identifying number, like T_MX */ +- char * name; /* Its symbolic name, like "MX" */ +- char * humanname; /* Its fun name, like "mail exchanger" */ +-}; +- +-/* +- * Resolver flags (used to be discrete per-module statics ints). +- */ +-#define RES_F_VC 0x00000001 /* socket is TCP */ +-#define RES_F_CONN 0x00000002 /* socket is connected */ +-#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */ +- +-/* res_findzonecut() options */ +-#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */ +- +-/* +- * Resolver options (keep these in synch with res_debug.c, please) +- */ +-#define RES_INIT 0x00000001 /* address initialized */ +-#define RES_DEBUG 0x00000002 /* print debug messages */ +-#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/ +-#define RES_USEVC 0x00000008 /* use virtual circuit */ +-#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */ +-#define RES_IGNTC 0x00000020 /* ignore trucation errors */ +-#define RES_RECURSE 0x00000040 /* recursion desired */ +-#define RES_DEFNAMES 0x00000080 /* use default domain name */ +-#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ +-#define RES_DNSRCH 0x00000200 /* search up local domain tree */ +-#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ +-#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ +-#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ +-#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ +-#define RES_ROTATE 0x00004000 /* rotate ns list after each query */ +-#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */ +-#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */ +-#define RES_BLAST 0x00020000 /* blast all recursive servers */ +-#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte +- strings */ +-#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6 +- reverse lookup */ +-#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */ +-#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */ +-#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each +- request */ +-#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */ +-#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name +- as a TLD. */ +- +-#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT) +- +-/* +- * Resolver "pfcode" values. Used by dig. +- */ +-#define RES_PRF_STATS 0x00000001 +-#define RES_PRF_UPDATE 0x00000002 +-#define RES_PRF_CLASS 0x00000004 +-#define RES_PRF_CMD 0x00000008 +-#define RES_PRF_QUES 0x00000010 +-#define RES_PRF_ANS 0x00000020 +-#define RES_PRF_AUTH 0x00000040 +-#define RES_PRF_ADD 0x00000080 +-#define RES_PRF_HEAD1 0x00000100 +-#define RES_PRF_HEAD2 0x00000200 +-#define RES_PRF_TTLID 0x00000400 +-#define RES_PRF_HEADX 0x00000800 +-#define RES_PRF_QUERY 0x00001000 +-#define RES_PRF_REPLY 0x00002000 +-#define RES_PRF_INIT 0x00004000 +-/* 0x00008000 */ +- +-/* Things involving an internal (static) resolver context. */ +-__BEGIN_DECLS +-extern struct __res_state *__res_state(void) __attribute__ ((__const__)); +-__END_DECLS +-#define _res (*__res_state()) +- +-#ifndef __BIND_NOSTATIC +-#define fp_nquery __fp_nquery +-#define fp_query __fp_query +-#define hostalias __hostalias +-#define p_query __p_query +-#define res_close __res_close +-#define res_init __res_init +-#define res_isourserver __res_isourserver +-#define res_mkquery __res_mkquery +-#define res_query __res_query +-#define res_querydomain __res_querydomain +-#define res_search __res_search +-#define res_send __res_send +- +-__BEGIN_DECLS +-void fp_nquery (const u_char *, int, FILE *) __THROW; +-void fp_query (const u_char *, FILE *) __THROW; +-const char * hostalias (const char *) __THROW; +-void p_query (const u_char *) __THROW; +-void res_close (void) __THROW; +-int res_init (void) __THROW; +-int res_isourserver (const struct sockaddr_in *) __THROW; +-int res_mkquery (int, const char *, int, int, const u_char *, +- int, const u_char *, u_char *, int) __THROW; +-int res_query (const char *, int, int, u_char *, int) __THROW; +-int res_querydomain (const char *, const char *, int, int, +- u_char *, int) __THROW; +-int res_search (const char *, int, int, u_char *, int) __THROW; +-int res_send (const u_char *, int, u_char *, int) __THROW; +-__END_DECLS +-#endif +- +-#define b64_ntop __b64_ntop +-#define b64_pton __b64_pton +-#define dn_comp __dn_comp +-#define dn_count_labels __dn_count_labels +-#define dn_expand __dn_expand +-#define dn_skipname __dn_skipname +-#define fp_resstat __fp_resstat +-#define loc_aton __loc_aton +-#define loc_ntoa __loc_ntoa +-#define p_cdname __p_cdname +-#define p_cdnname __p_cdnname +-#define p_class __p_class +-#define p_fqname __p_fqname +-#define p_fqnname __p_fqnname +-#define p_option __p_option +-#define p_secstodate __p_secstodate +-#define p_section __p_section +-#define p_time __p_time +-#define p_type __p_type +-#define p_rcode __p_rcode +-#define putlong __putlong +-#define putshort __putshort +-#define res_dnok __res_dnok +-#define res_hnok __res_hnok +-#define res_hostalias __res_hostalias +-#define res_mailok __res_mailok +-#define res_nameinquery __res_nameinquery +-#define res_nclose __res_nclose +-#define res_ninit __res_ninit +-#define res_nmkquery __res_nmkquery +-#define res_npquery __res_npquery +-#define res_nquery __res_nquery +-#define res_nquerydomain __res_nquerydomain +-#define res_nsearch __res_nsearch +-#define res_nsend __res_nsend +-#define res_nisourserver __res_nisourserver +-#define res_ownok __res_ownok +-#define res_queriesmatch __res_queriesmatch +-#define res_randomid __res_randomid +-#define sym_ntop __sym_ntop +-#define sym_ntos __sym_ntos +-#define sym_ston __sym_ston +-__BEGIN_DECLS +-int res_hnok (const char *) __THROW; +-int res_ownok (const char *) __THROW; +-int res_mailok (const char *) __THROW; +-int res_dnok (const char *) __THROW; +-int sym_ston (const struct res_sym *, const char *, int *) __THROW; +-const char * sym_ntos (const struct res_sym *, int, int *) __THROW; +-const char * sym_ntop (const struct res_sym *, int, int *) __THROW; +-int b64_ntop (u_char const *, size_t, char *, size_t) __THROW; +-int b64_pton (char const *, u_char *, size_t) __THROW; +-int loc_aton (const char *__ascii, u_char *__binary) __THROW; +-const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW; +-int dn_skipname (const u_char *, const u_char *) __THROW; +-void putlong (u_int32_t, u_char *) __THROW; +-void putshort (u_int16_t, u_char *) __THROW; +-const char * p_class (int) __THROW; +-const char * p_time (u_int32_t) __THROW; +-const char * p_type (int) __THROW; +-const char * p_rcode (int) __THROW; +-const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *) +- __THROW; +-const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW; +-const u_char * p_fqnname (const u_char *__cp, const u_char *__msg, +- int, char *, int) __THROW; +-const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW; +-const char * p_option (u_long __option) __THROW; +-char * p_secstodate (u_long) __THROW; +-int dn_count_labels (const char *) __THROW; +-int dn_comp (const char *, u_char *, int, u_char **, u_char **) +- __THROW; +-int dn_expand (const u_char *, const u_char *, const u_char *, +- char *, int) __THROW; +-u_int res_randomid (void) __THROW; +-int res_nameinquery (const char *, int, int, +- const u_char *, const u_char *) __THROW; +-int res_queriesmatch (const u_char *, const u_char *, +- const u_char *, const u_char *) __THROW; +-const char * p_section (int __section, int __opcode) __THROW; +-/* Things involving a resolver context. */ +-int res_ninit (res_state) __THROW; +-int res_nisourserver (const res_state, +- const struct sockaddr_in *) __THROW; +-void fp_resstat (const res_state, FILE *) __THROW; +-void res_npquery (const res_state, const u_char *, int, FILE *) +- __THROW; +-const char * res_hostalias (const res_state, const char *, char *, size_t) +- __THROW; +-int res_nquery (res_state, const char *, int, int, u_char *, int) +- __THROW; +-int res_nsearch (res_state, const char *, int, int, u_char *, int) +- __THROW; +-int res_nquerydomain (res_state, const char *, const char *, int, +- int, u_char *, int) __THROW; +-int res_nmkquery (res_state, int, const char *, int, int, +- const u_char *, int, const u_char *, u_char *, +- int) __THROW; +-int res_nsend (res_state, const u_char *, int, u_char *, int) +- __THROW; +-void res_nclose (res_state) __THROW; +-__END_DECLS +-#endif +- +-#endif /* !_RESOLV_H_ */ +Index: glibc-2.19/shadow/Makefile +=================================================================== +--- glibc-2.19.orig/shadow/Makefile ++++ glibc-2.19/shadow/Makefile +@@ -34,5 +34,6 @@ CFLAGS-fgetspent_r.c = -fexceptions $(li + CFLAGS-putspent.c = -fexceptions $(libio-mtsafe) + CFLAGS-getspnam.c = -fexceptions + CFLAGS-getspnam_r.c = -fexceptions ++CPPFLAGS-lckpwdf.c = -DSYSCONFDIR='"$(sysconfdir)"' + + include ../Rules +Index: glibc-2.19/shadow/lckpwdf.c +=================================================================== +--- glibc-2.19.orig/shadow/lckpwdf.c ++++ glibc-2.19/shadow/lckpwdf.c +@@ -29,7 +29,7 @@ + + + /* Name of the lock file. */ +-#define PWD_LOCKFILE "/etc/.pwd.lock" ++#define PWD_LOCKFILE SYSCONFDIR "/.pwd.lock" + + /* How long to wait for getting the lock before returning with an + error. */ +Index: glibc-2.19/configure.ac +=================================================================== +--- glibc-2.19.orig/configure.ac ++++ glibc-2.19/configure.ac +@@ -2173,7 +2173,7 @@ RELEASE=`sed -n -e 's/^#define RELEASE " + AC_SUBST(VERSION) + AC_SUBST(RELEASE) + +-AC_CONFIG_FILES([config.make Makefile]) ++AC_CONFIG_FILES([config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h]) + AC_CONFIG_COMMANDS([default],[[ + case $CONFIG_FILES in *config.make*) + echo "$config_vars" >> config.make;; +Index: glibc-2.19/resolv/netdb.h.in +=================================================================== +--- /dev/null ++++ glibc-2.19/resolv/netdb.h.in +@@ -0,0 +1,715 @@ ++ /* Copyright (C) 1996-2014 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++/* All data returned by the network data base library are supplied in ++ host order and returned in network order (suitable for use in ++ system calls). */ ++ ++#ifndef _NETDB_H ++#define _NETDB_H 1 ++ ++#include <features.h> ++ ++#include <netinet/in.h> ++#include <stdint.h> ++#ifdef __USE_MISC ++/* This is necessary to make this include file properly replace the ++ Sun version. */ ++# include <rpc/netdb.h> ++#endif ++ ++#ifdef __USE_GNU ++# define __need_sigevent_t ++# include <bits/siginfo.h> ++# define __need_timespec ++# include <time.h> ++#endif ++ ++#include <bits/netdb.h> ++ ++/* Absolute file name for network data base files. */ ++#define _PATH_HEQUIV "@libc_cv_sysconfdir@/hosts.equiv" ++#define _PATH_HOSTS "@libc_cv_sysconfdir@/hosts" ++#define _PATH_NETWORKS "@libc_cv_sysconfdir@/networks" ++#define _PATH_NSSWITCH_CONF "@libc_cv_sysconfdir@/nsswitch.conf" ++#define _PATH_PROTOCOLS "@libc_cv_sysconfdir@/protocols" ++#define _PATH_SERVICES "@libc_cv_sysconfdir@/services" ++ ++ ++__BEGIN_DECLS ++ ++#if defined __USE_MISC || !defined __USE_XOPEN2K8 ++/* Error status for non-reentrant lookup functions. ++ We use a macro to access always the thread-specific `h_errno' variable. */ ++# define h_errno (*__h_errno_location ()) ++ ++/* Function to get address of global `h_errno' variable. */ ++extern int *__h_errno_location (void) __THROW __attribute__ ((__const__)); ++ ++ ++/* Possible values left in `h_errno'. */ ++# define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found. */ ++# define TRY_AGAIN 2 /* Non-Authoritative Host not found, ++ or SERVERFAIL. */ ++# define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, ++ NOTIMP. */ ++# define NO_DATA 4 /* Valid name, no data record of requested ++ type. */ ++#endif ++#ifdef __USE_MISC ++# define NETDB_INTERNAL -1 /* See errno. */ ++# define NETDB_SUCCESS 0 /* No problem. */ ++# define NO_ADDRESS NO_DATA /* No address, look for MX record. */ ++#endif ++ ++#if defined __USE_XOPEN2K || defined __USE_XOPEN_EXTENDED ++/* Highest reserved Internet port number. */ ++# define IPPORT_RESERVED 1024 ++#endif ++ ++#ifdef __USE_GNU ++/* Scope delimiter for getaddrinfo(), getnameinfo(). */ ++# define SCOPE_DELIMITER '%' ++#endif ++ ++#ifdef __USE_MISC ++/* Print error indicated by `h_errno' variable on standard error. STR ++ if non-null is printed before the error string. */ ++extern void herror (const char *__str) __THROW; ++ ++/* Return string associated with error ERR_NUM. */ ++extern const char *hstrerror (int __err_num) __THROW; ++#endif ++ ++ ++/* Description of data base entry for a single host. */ ++struct hostent ++{ ++ char *h_name; /* Official name of host. */ ++ char **h_aliases; /* Alias list. */ ++ int h_addrtype; /* Host address type. */ ++ int h_length; /* Length of address. */ ++ char **h_addr_list; /* List of addresses from name server. */ ++#ifdef __USE_MISC ++# define h_addr h_addr_list[0] /* Address, for backward compatibility.*/ ++#endif ++}; ++ ++/* Open host data base files and mark them as staying open even after ++ a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void sethostent (int __stay_open); ++ ++/* Close host data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endhostent (void); ++ ++/* Get next entry from host data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct hostent *gethostent (void); ++ ++/* Return entry from host data base which address match ADDR with ++ length LEN and type TYPE. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct hostent *gethostbyaddr (const void *__addr, __socklen_t __len, ++ int __type); ++ ++/* Return entry from host data base for host with NAME. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct hostent *gethostbyname (const char *__name); ++ ++#ifdef __USE_MISC ++/* Return entry from host data base for host with NAME. AF must be ++ set to the address type which is `AF_INET' for IPv4 or `AF_INET6' ++ for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern struct hostent *gethostbyname2 (const char *__name, int __af); ++ ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. The last ++ argument is a pointer to a variable which gets the value which ++ would be stored in the global variable `herrno' by the ++ non-reentrant functions. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int gethostent_r (struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len, ++ int __type, ++ struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int gethostbyname_r (const char *__restrict __name, ++ struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int gethostbyname2_r (const char *__restrict __name, int __af, ++ struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++#endif /* misc */ ++ ++ ++/* Open network data base files and mark them as staying open even ++ after a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void setnetent (int __stay_open); ++ ++/* Close network data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endnetent (void); ++ ++/* Get next entry from network data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct netent *getnetent (void); ++ ++/* Return entry from network data base which address match NET and ++ type TYPE. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct netent *getnetbyaddr (uint32_t __net, int __type); ++ ++/* Return entry from network data base for network with NAME. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct netent *getnetbyname (const char *__name); ++ ++#ifdef __USE_MISC ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. The last ++ argument is a pointer to a variable which gets the value which ++ would be stored in the global variable `herrno' by the ++ non-reentrant functions. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int getnetent_r (struct netent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct netent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int getnetbyaddr_r (uint32_t __net, int __type, ++ struct netent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct netent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int getnetbyname_r (const char *__restrict __name, ++ struct netent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct netent **__restrict __result, ++ int *__restrict __h_errnop); ++#endif /* misc */ ++ ++ ++/* Description of data base entry for a single service. */ ++struct servent ++{ ++ char *s_name; /* Official service name. */ ++ char **s_aliases; /* Alias list. */ ++ int s_port; /* Port number. */ ++ char *s_proto; /* Protocol to use. */ ++}; ++ ++/* Open service data base files and mark them as staying open even ++ after a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void setservent (int __stay_open); ++ ++/* Close service data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endservent (void); ++ ++/* Get next entry from service data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct servent *getservent (void); ++ ++/* Return entry from network data base for network with NAME and ++ protocol PROTO. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct servent *getservbyname (const char *__name, const char *__proto); ++ ++/* Return entry from service data base which matches port PORT and ++ protocol PROTO. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct servent *getservbyport (int __port, const char *__proto); ++ ++ ++#ifdef __USE_MISC ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int getservent_r (struct servent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct servent **__restrict __result); ++ ++extern int getservbyname_r (const char *__restrict __name, ++ const char *__restrict __proto, ++ struct servent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct servent **__restrict __result); ++ ++extern int getservbyport_r (int __port, const char *__restrict __proto, ++ struct servent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct servent **__restrict __result); ++#endif /* misc */ ++ ++ ++/* Description of data base entry for a single service. */ ++struct protoent ++{ ++ char *p_name; /* Official protocol name. */ ++ char **p_aliases; /* Alias list. */ ++ int p_proto; /* Protocol number. */ ++}; ++ ++/* Open protocol data base files and mark them as staying open even ++ after a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void setprotoent (int __stay_open); ++ ++/* Close protocol data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endprotoent (void); ++ ++/* Get next entry from protocol data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct protoent *getprotoent (void); ++ ++/* Return entry from protocol data base for network with NAME. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct protoent *getprotobyname (const char *__name); ++ ++/* Return entry from protocol data base which number is PROTO. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct protoent *getprotobynumber (int __proto); ++ ++ ++#ifdef __USE_MISC ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int getprotoent_r (struct protoent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct protoent **__restrict __result); ++ ++extern int getprotobyname_r (const char *__restrict __name, ++ struct protoent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct protoent **__restrict __result); ++ ++extern int getprotobynumber_r (int __proto, ++ struct protoent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct protoent **__restrict __result); ++ ++ ++/* Establish network group NETGROUP for enumeration. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int setnetgrent (const char *__netgroup); ++ ++/* Free all space allocated by previous `setnetgrent' call. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern void endnetgrent (void); ++ ++/* Get next member of netgroup established by last `setnetgrent' call ++ and return pointers to elements in HOSTP, USERP, and DOMAINP. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int getnetgrent (char **__restrict __hostp, ++ char **__restrict __userp, ++ char **__restrict __domainp); ++ ++ ++/* Test whether NETGROUP contains the triple (HOST,USER,DOMAIN). ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int innetgr (const char *__netgroup, const char *__host, ++ const char *__user, const char *__domain); ++ ++/* Reentrant version of `getnetgrent' where result is placed in BUFFER. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int getnetgrent_r (char **__restrict __hostp, ++ char **__restrict __userp, ++ char **__restrict __domainp, ++ char *__restrict __buffer, size_t __buflen); ++#endif /* misc */ ++ ++ ++#ifdef __USE_MISC ++/* Call `rshd' at port RPORT on remote machine *AHOST to execute CMD. ++ The local user is LOCUSER, on the remote machine the command is ++ executed as REMUSER. In *FD2P the descriptor to the socket for the ++ connection is returned. The caller must have the right to use a ++ reserved port. When the function returns *AHOST contains the ++ official host name. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rcmd (char **__restrict __ahost, unsigned short int __rport, ++ const char *__restrict __locuser, ++ const char *__restrict __remuser, ++ const char *__restrict __cmd, int *__restrict __fd2p); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rcmd_af (char **__restrict __ahost, unsigned short int __rport, ++ const char *__restrict __locuser, ++ const char *__restrict __remuser, ++ const char *__restrict __cmd, int *__restrict __fd2p, ++ sa_family_t __af); ++ ++/* Call `rexecd' at port RPORT on remote machine *AHOST to execute ++ CMD. The process runs at the remote machine using the ID of user ++ NAME whose cleartext password is PASSWD. In *FD2P the descriptor ++ to the socket for the connection is returned. When the function ++ returns *AHOST contains the official host name. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rexec (char **__restrict __ahost, int __rport, ++ const char *__restrict __name, ++ const char *__restrict __pass, ++ const char *__restrict __cmd, int *__restrict __fd2p); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rexec_af (char **__restrict __ahost, int __rport, ++ const char *__restrict __name, ++ const char *__restrict __pass, ++ const char *__restrict __cmd, int *__restrict __fd2p, ++ sa_family_t __af); ++ ++/* Check whether user REMUSER on system RHOST is allowed to login as LOCUSER. ++ If SUSER is not zero the user tries to become superuser. Return 0 if ++ it is possible. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int ruserok (const char *__rhost, int __suser, ++ const char *__remuser, const char *__locuser); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int ruserok_af (const char *__rhost, int __suser, ++ const char *__remuser, const char *__locuser, ++ sa_family_t __af); ++ ++/* Check whether user REMUSER on system indicated by IPv4 address ++ RADDR is allowed to login as LOCUSER. Non-IPv4 (e.g., IPv6) are ++ not supported. If SUSER is not zero the user tries to become ++ superuser. Return 0 if it is possible. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int iruserok (uint32_t __raddr, int __suser, ++ const char *__remuser, const char *__locuser); ++ ++/* This is the equivalent function where the pfamiliy if the address ++ pointed to by RADDR is determined by the value of AF. It therefore ++ can be used for IPv6 ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int iruserok_af (const void *__raddr, int __suser, ++ const char *__remuser, const char *__locuser, ++ sa_family_t __af); ++ ++/* Try to allocate reserved port, returning a descriptor for a socket opened ++ at this port or -1 if unsuccessful. The search for an available port ++ will start at ALPORT and continues with lower numbers. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rresvport (int *__alport); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rresvport_af (int *__alport, sa_family_t __af); ++#endif ++ ++ ++/* Extension from POSIX.1g. */ ++#ifdef __USE_POSIX ++/* Structure to contain information about address of a service provider. */ ++struct addrinfo ++{ ++ int ai_flags; /* Input flags. */ ++ int ai_family; /* Protocol family for socket. */ ++ int ai_socktype; /* Socket type. */ ++ int ai_protocol; /* Protocol for socket. */ ++ socklen_t ai_addrlen; /* Length of socket address. */ ++ struct sockaddr *ai_addr; /* Socket address for socket. */ ++ char *ai_canonname; /* Canonical name for service location. */ ++ struct addrinfo *ai_next; /* Pointer to next in list. */ ++}; ++ ++# ifdef __USE_GNU ++/* Structure used as control block for asynchronous lookup. */ ++struct gaicb ++{ ++ const char *ar_name; /* Name to look up. */ ++ const char *ar_service; /* Service name. */ ++ const struct addrinfo *ar_request; /* Additional request specification. */ ++ struct addrinfo *ar_result; /* Pointer to result. */ ++ /* The following are internal elements. */ ++ int __return; ++ int __glibc_reserved[5]; ++}; ++ ++/* Lookup mode. */ ++# define GAI_WAIT 0 ++# define GAI_NOWAIT 1 ++# endif ++ ++/* Possible values for `ai_flags' field in `addrinfo' structure. */ ++# define AI_PASSIVE 0x0001 /* Socket address is intended for `bind'. */ ++# define AI_CANONNAME 0x0002 /* Request for canonical name. */ ++# define AI_NUMERICHOST 0x0004 /* Don't use name resolution. */ ++# define AI_V4MAPPED 0x0008 /* IPv4 mapped addresses are acceptable. */ ++# define AI_ALL 0x0010 /* Return IPv4 mapped and IPv6 addresses. */ ++# define AI_ADDRCONFIG 0x0020 /* Use configuration of this host to choose ++ returned address type.. */ ++# ifdef __USE_GNU ++# define AI_IDN 0x0040 /* IDN encode input (assuming it is encoded ++ in the current locale's character set) ++ before looking it up. */ ++# define AI_CANONIDN 0x0080 /* Translate canonical name from IDN format. */ ++# define AI_IDN_ALLOW_UNASSIGNED 0x0100 /* Don't reject unassigned Unicode ++ code points. */ ++# define AI_IDN_USE_STD3_ASCII_RULES 0x0200 /* Validate strings according to ++ STD3 rules. */ ++# endif ++# define AI_NUMERICSERV 0x0400 /* Don't use name resolution. */ ++ ++/* Error values for `getaddrinfo' function. */ ++# define EAI_BADFLAGS -1 /* Invalid value for `ai_flags' field. */ ++# define EAI_NONAME -2 /* NAME or SERVICE is unknown. */ ++# define EAI_AGAIN -3 /* Temporary failure in name resolution. */ ++# define EAI_FAIL -4 /* Non-recoverable failure in name res. */ ++# define EAI_FAMILY -6 /* `ai_family' not supported. */ ++# define EAI_SOCKTYPE -7 /* `ai_socktype' not supported. */ ++# define EAI_SERVICE -8 /* SERVICE not supported for `ai_socktype'. */ ++# define EAI_MEMORY -10 /* Memory allocation failure. */ ++# define EAI_SYSTEM -11 /* System error returned in `errno'. */ ++# define EAI_OVERFLOW -12 /* Argument buffer overflow. */ ++# ifdef __USE_GNU ++# define EAI_NODATA -5 /* No address associated with NAME. */ ++# define EAI_ADDRFAMILY -9 /* Address family for NAME not supported. */ ++# define EAI_INPROGRESS -100 /* Processing request in progress. */ ++# define EAI_CANCELED -101 /* Request canceled. */ ++# define EAI_NOTCANCELED -102 /* Request not canceled. */ ++# define EAI_ALLDONE -103 /* All requests done. */ ++# define EAI_INTR -104 /* Interrupted by a signal. */ ++# define EAI_IDN_ENCODE -105 /* IDN encoding failed. */ ++# endif ++ ++# ifdef __USE_MISC ++# define NI_MAXHOST 1025 ++# define NI_MAXSERV 32 ++# endif ++ ++# define NI_NUMERICHOST 1 /* Don't try to look up hostname. */ ++# define NI_NUMERICSERV 2 /* Don't convert port number to name. */ ++# define NI_NOFQDN 4 /* Only return nodename portion. */ ++# define NI_NAMEREQD 8 /* Don't return numeric addresses. */ ++# define NI_DGRAM 16 /* Look up UDP service rather than TCP. */ ++# ifdef __USE_GNU ++# define NI_IDN 32 /* Convert name from IDN format. */ ++# define NI_IDN_ALLOW_UNASSIGNED 64 /* Don't reject unassigned Unicode ++ code points. */ ++# define NI_IDN_USE_STD3_ASCII_RULES 128 /* Validate strings according to ++ STD3 rules. */ ++# endif ++ ++/* Translate name of a service location and/or a service name to set of ++ socket addresses. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern int getaddrinfo (const char *__restrict __name, ++ const char *__restrict __service, ++ const struct addrinfo *__restrict __req, ++ struct addrinfo **__restrict __pai); ++ ++/* Free `addrinfo' structure AI including associated storage. */ ++extern void freeaddrinfo (struct addrinfo *__ai) __THROW; ++ ++/* Convert error return from getaddrinfo() to a string. */ ++extern const char *gai_strerror (int __ecode) __THROW; ++ ++/* Translate a socket address to a location and service name. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern int getnameinfo (const struct sockaddr *__restrict __sa, ++ socklen_t __salen, char *__restrict __host, ++ socklen_t __hostlen, char *__restrict __serv, ++ socklen_t __servlen, int __flags); ++#endif /* POSIX */ ++ ++#ifdef __USE_GNU ++/* Enqueue ENT requests from the LIST. If MODE is GAI_WAIT wait until all ++ requests are handled. If WAIT is GAI_NOWAIT return immediately after ++ queueing the requests and signal completion according to SIG. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int getaddrinfo_a (int __mode, struct gaicb *__list[__restrict_arr], ++ int __ent, struct sigevent *__restrict __sig); ++ ++/* Suspend execution of the thread until at least one of the ENT requests ++ in LIST is handled. If TIMEOUT is not a null pointer it specifies the ++ longest time the function keeps waiting before returning with an error. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int gai_suspend (const struct gaicb *const __list[], int __ent, ++ const struct timespec *__timeout); ++ ++/* Get the error status of the request REQ. */ ++extern int gai_error (struct gaicb *__req) __THROW; ++ ++/* Cancel the requests associated with GAICBP. */ ++extern int gai_cancel (struct gaicb *__gaicbp) __THROW; ++#endif /* GNU */ ++ ++__END_DECLS ++ ++#endif /* netdb.h */ +Index: glibc-2.19/resolv/resolv.h.in +=================================================================== +--- /dev/null ++++ glibc-2.19/resolv/resolv.h.in +@@ -0,0 +1,389 @@ ++/* ++ * Copyright (c) 1983, 1987, 1989 ++ * The Regents of the University of California. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 4. Neither the name of the University nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++/* ++ * Portions Copyright (c) 1996-1999 by Internet Software Consortium. ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE ++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ++ * SOFTWARE. ++ */ ++ ++/* ++ * @(#)resolv.h 8.1 (Berkeley) 6/2/93 ++ * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $ ++ */ ++ ++#ifndef _RESOLV_H_ ++ ++/* These headers are needed for types used in the `struct res_state' ++ declaration. */ ++#include <sys/types.h> ++#include <netinet/in.h> ++ ++#ifndef __need_res_state ++# define _RESOLV_H_ ++ ++# include <sys/param.h> ++# include <sys/cdefs.h> ++# include <stdio.h> ++# include <arpa/nameser.h> ++#endif ++ ++#ifndef __res_state_defined ++# define __res_state_defined ++ ++typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error } ++ res_sendhookact; ++ ++typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns, ++ const u_char **__query, ++ int *__querylen, ++ u_char *__ans, ++ int __anssiz, ++ int *__resplen); ++ ++typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns, ++ const u_char *__query, ++ int __querylen, ++ u_char *__ans, ++ int __anssiz, ++ int *__resplen); ++ ++/* ++ * Global defines and variables for resolver stub. ++ */ ++# define MAXNS 3 /* max # name servers we'll track */ ++# define MAXDFLSRCH 3 /* # default domain levels to try */ ++# define MAXDNSRCH 6 /* max # domains in search path */ ++# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */ ++ ++# define RES_TIMEOUT 5 /* min. seconds between retries */ ++# define MAXRESOLVSORT 10 /* number of net to sort on */ ++# define RES_MAXNDOTS 15 /* should reflect bit field size */ ++# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */ ++# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */ ++# define RES_DFLRETRY 2 /* Default #/tries. */ ++# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */ ++ ++struct __res_state { ++ int retrans; /* retransmition time interval */ ++ int retry; /* number of times to retransmit */ ++ u_long options; /* option flags - see below. */ ++ int nscount; /* number of name servers */ ++ struct sockaddr_in ++ nsaddr_list[MAXNS]; /* address of name server */ ++# define nsaddr nsaddr_list[0] /* for backward compatibility */ ++ u_short id; /* current message id */ ++ /* 2 byte hole here. */ ++ char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ ++ char defdname[256]; /* default domain (deprecated) */ ++ u_long pfcode; /* RES_PRF_ flags - see below. */ ++ unsigned ndots:4; /* threshold for initial abs. query */ ++ unsigned nsort:4; /* number of elements in sort_list[] */ ++ unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */ ++ unsigned unused:23; ++ struct { ++ struct in_addr addr; ++ u_int32_t mask; ++ } sort_list[MAXRESOLVSORT]; ++ /* 4 byte hole here on 64-bit architectures. */ ++ res_send_qhook qhook; /* query hook */ ++ res_send_rhook rhook; /* response hook */ ++ int res_h_errno; /* last one set for this context */ ++ int _vcsock; /* PRIVATE: for res_send VC i/o */ ++ u_int _flags; /* PRIVATE: see below */ ++ /* 4 byte hole here on 64-bit architectures. */ ++ union { ++ char pad[52]; /* On an i386 this means 512b total. */ ++ struct { ++ u_int16_t nscount; ++ u_int16_t nsmap[MAXNS]; ++ int nssocks[MAXNS]; ++ u_int16_t nscount6; ++ u_int16_t nsinit; ++ struct sockaddr_in6 *nsaddrs[MAXNS]; ++#ifdef _LIBC ++ unsigned long long int initstamp ++ __attribute__((packed)); ++#else ++ unsigned int _initstamp[2]; ++#endif ++ } _ext; ++ } _u; ++}; ++ ++typedef struct __res_state *res_state; ++# undef __need_res_state ++#endif ++ ++#ifdef _RESOLV_H_ ++/* ++ * Revision information. This is the release date in YYYYMMDD format. ++ * It can change every day so the right thing to do with it is use it ++ * in preprocessor commands such as "#if (__RES > 19931104)". Do not ++ * compare for equality; rather, use it to determine whether your resolver ++ * is new enough to contain a certain feature. ++ */ ++ ++#define __RES 19991006 ++ ++/* ++ * Resolver configuration file. ++ * Normally not present, but may contain the address of the ++ * inital name server(s) to query and the domain search list. ++ */ ++ ++#ifndef _PATH_RESCONF ++#define _PATH_RESCONF "@libc_cv_sysconfdir@/resolv.conf" ++#endif ++ ++struct res_sym { ++ int number; /* Identifying number, like T_MX */ ++ char * name; /* Its symbolic name, like "MX" */ ++ char * humanname; /* Its fun name, like "mail exchanger" */ ++}; ++ ++/* ++ * Resolver flags (used to be discrete per-module statics ints). ++ */ ++#define RES_F_VC 0x00000001 /* socket is TCP */ ++#define RES_F_CONN 0x00000002 /* socket is connected */ ++#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */ ++ ++/* res_findzonecut() options */ ++#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */ ++ ++/* ++ * Resolver options (keep these in synch with res_debug.c, please) ++ */ ++#define RES_INIT 0x00000001 /* address initialized */ ++#define RES_DEBUG 0x00000002 /* print debug messages */ ++#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/ ++#define RES_USEVC 0x00000008 /* use virtual circuit */ ++#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */ ++#define RES_IGNTC 0x00000020 /* ignore trucation errors */ ++#define RES_RECURSE 0x00000040 /* recursion desired */ ++#define RES_DEFNAMES 0x00000080 /* use default domain name */ ++#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ ++#define RES_DNSRCH 0x00000200 /* search up local domain tree */ ++#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ ++#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ ++#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ ++#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ ++#define RES_ROTATE 0x00004000 /* rotate ns list after each query */ ++#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */ ++#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */ ++#define RES_BLAST 0x00020000 /* blast all recursive servers */ ++#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte ++ strings */ ++#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6 ++ reverse lookup */ ++#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */ ++#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */ ++#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each ++ request */ ++#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */ ++#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name ++ as a TLD. */ ++ ++#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT) ++ ++/* ++ * Resolver "pfcode" values. Used by dig. ++ */ ++#define RES_PRF_STATS 0x00000001 ++#define RES_PRF_UPDATE 0x00000002 ++#define RES_PRF_CLASS 0x00000004 ++#define RES_PRF_CMD 0x00000008 ++#define RES_PRF_QUES 0x00000010 ++#define RES_PRF_ANS 0x00000020 ++#define RES_PRF_AUTH 0x00000040 ++#define RES_PRF_ADD 0x00000080 ++#define RES_PRF_HEAD1 0x00000100 ++#define RES_PRF_HEAD2 0x00000200 ++#define RES_PRF_TTLID 0x00000400 ++#define RES_PRF_HEADX 0x00000800 ++#define RES_PRF_QUERY 0x00001000 ++#define RES_PRF_REPLY 0x00002000 ++#define RES_PRF_INIT 0x00004000 ++/* 0x00008000 */ ++ ++/* Things involving an internal (static) resolver context. */ ++__BEGIN_DECLS ++extern struct __res_state *__res_state(void) __attribute__ ((__const__)); ++__END_DECLS ++#define _res (*__res_state()) ++ ++#ifndef __BIND_NOSTATIC ++#define fp_nquery __fp_nquery ++#define fp_query __fp_query ++#define hostalias __hostalias ++#define p_query __p_query ++#define res_close __res_close ++#define res_init __res_init ++#define res_isourserver __res_isourserver ++#define res_mkquery __res_mkquery ++#define res_query __res_query ++#define res_querydomain __res_querydomain ++#define res_search __res_search ++#define res_send __res_send ++ ++__BEGIN_DECLS ++void fp_nquery (const u_char *, int, FILE *) __THROW; ++void fp_query (const u_char *, FILE *) __THROW; ++const char * hostalias (const char *) __THROW; ++void p_query (const u_char *) __THROW; ++void res_close (void) __THROW; ++int res_init (void) __THROW; ++int res_isourserver (const struct sockaddr_in *) __THROW; ++int res_mkquery (int, const char *, int, int, const u_char *, ++ int, const u_char *, u_char *, int) __THROW; ++int res_query (const char *, int, int, u_char *, int) __THROW; ++int res_querydomain (const char *, const char *, int, int, ++ u_char *, int) __THROW; ++int res_search (const char *, int, int, u_char *, int) __THROW; ++int res_send (const u_char *, int, u_char *, int) __THROW; ++__END_DECLS ++#endif ++ ++#define b64_ntop __b64_ntop ++#define b64_pton __b64_pton ++#define dn_comp __dn_comp ++#define dn_count_labels __dn_count_labels ++#define dn_expand __dn_expand ++#define dn_skipname __dn_skipname ++#define fp_resstat __fp_resstat ++#define loc_aton __loc_aton ++#define loc_ntoa __loc_ntoa ++#define p_cdname __p_cdname ++#define p_cdnname __p_cdnname ++#define p_class __p_class ++#define p_fqname __p_fqname ++#define p_fqnname __p_fqnname ++#define p_option __p_option ++#define p_secstodate __p_secstodate ++#define p_section __p_section ++#define p_time __p_time ++#define p_type __p_type ++#define p_rcode __p_rcode ++#define putlong __putlong ++#define putshort __putshort ++#define res_dnok __res_dnok ++#define res_hnok __res_hnok ++#define res_hostalias __res_hostalias ++#define res_mailok __res_mailok ++#define res_nameinquery __res_nameinquery ++#define res_nclose __res_nclose ++#define res_ninit __res_ninit ++#define res_nmkquery __res_nmkquery ++#define res_npquery __res_npquery ++#define res_nquery __res_nquery ++#define res_nquerydomain __res_nquerydomain ++#define res_nsearch __res_nsearch ++#define res_nsend __res_nsend ++#define res_nisourserver __res_nisourserver ++#define res_ownok __res_ownok ++#define res_queriesmatch __res_queriesmatch ++#define res_randomid __res_randomid ++#define sym_ntop __sym_ntop ++#define sym_ntos __sym_ntos ++#define sym_ston __sym_ston ++__BEGIN_DECLS ++int res_hnok (const char *) __THROW; ++int res_ownok (const char *) __THROW; ++int res_mailok (const char *) __THROW; ++int res_dnok (const char *) __THROW; ++int sym_ston (const struct res_sym *, const char *, int *) __THROW; ++const char * sym_ntos (const struct res_sym *, int, int *) __THROW; ++const char * sym_ntop (const struct res_sym *, int, int *) __THROW; ++int b64_ntop (u_char const *, size_t, char *, size_t) __THROW; ++int b64_pton (char const *, u_char *, size_t) __THROW; ++int loc_aton (const char *__ascii, u_char *__binary) __THROW; ++const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW; ++int dn_skipname (const u_char *, const u_char *) __THROW; ++void putlong (u_int32_t, u_char *) __THROW; ++void putshort (u_int16_t, u_char *) __THROW; ++const char * p_class (int) __THROW; ++const char * p_time (u_int32_t) __THROW; ++const char * p_type (int) __THROW; ++const char * p_rcode (int) __THROW; ++const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *) ++ __THROW; ++const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW; ++const u_char * p_fqnname (const u_char *__cp, const u_char *__msg, ++ int, char *, int) __THROW; ++const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW; ++const char * p_option (u_long __option) __THROW; ++char * p_secstodate (u_long) __THROW; ++int dn_count_labels (const char *) __THROW; ++int dn_comp (const char *, u_char *, int, u_char **, u_char **) ++ __THROW; ++int dn_expand (const u_char *, const u_char *, const u_char *, ++ char *, int) __THROW; ++u_int res_randomid (void) __THROW; ++int res_nameinquery (const char *, int, int, ++ const u_char *, const u_char *) __THROW; ++int res_queriesmatch (const u_char *, const u_char *, ++ const u_char *, const u_char *) __THROW; ++const char * p_section (int __section, int __opcode) __THROW; ++/* Things involving a resolver context. */ ++int res_ninit (res_state) __THROW; ++int res_nisourserver (const res_state, ++ const struct sockaddr_in *) __THROW; ++void fp_resstat (const res_state, FILE *) __THROW; ++void res_npquery (const res_state, const u_char *, int, FILE *) ++ __THROW; ++const char * res_hostalias (const res_state, const char *, char *, size_t) ++ __THROW; ++int res_nquery (res_state, const char *, int, int, u_char *, int) ++ __THROW; ++int res_nsearch (res_state, const char *, int, int, u_char *, int) ++ __THROW; ++int res_nquerydomain (res_state, const char *, const char *, int, ++ int, u_char *, int) __THROW; ++int res_nmkquery (res_state, int, const char *, int, int, ++ const u_char *, int, const u_char *, u_char *, ++ int) __THROW; ++int res_nsend (res_state, const u_char *, int, u_char *, int) ++ __THROW; ++void res_nclose (res_state) __THROW; ++__END_DECLS ++#endif ++ ++#endif /* !_RESOLV_H_ */ +Index: glibc-2.19/configure +=================================================================== +--- glibc-2.19.orig/configure ++++ glibc-2.19/configure +@@ -7387,7 +7387,7 @@ RELEASE=`sed -n -e 's/^#define RELEASE " + + + +-ac_config_files="$ac_config_files config.make Makefile" ++ac_config_files="$ac_config_files config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h" + + ac_config_commands="$ac_config_commands default" + +@@ -8107,6 +8107,9 @@ do + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "config.make") CONFIG_FILES="$CONFIG_FILES config.make" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; ++ "nss/db-Makefile") CONFIG_FILES="$CONFIG_FILES nss/db-Makefile" ;; ++ "resolv/netdb.h") CONFIG_FILES="$CONFIG_FILES resolv/netdb.h" ;; ++ "resolv/resolv.h") CONFIG_FILES="$CONFIG_FILES resolv/resolv.h" ;; + "default") CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch new file mode 100644 index 0000000..341d8c5 --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch @@ -0,0 +1,30 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu> + +--- configure.ac ++++ configure.ac +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + libc_cv_pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + libc_cv_pic_default=no + fi + rm -f conftest.* diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch new file mode 100644 index 0000000..72a616a --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch @@ -0,0 +1,32 @@ +https://bugs.gentoo.org/503838 +http://gcc.gnu.org/PR60465 +https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html +https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html + +newer versions of gcc generate relocations in the elf_get_dynamic_info func +which glibc relies on to populate some info structs. those structs are then +used by ldso to process relocations in itself. glibc requires that there are +no relocations until that point (*after* elf_get_dynamic_info), so we end up +crashing during elf_get_dynamic_info because the relocation has not yet been +processed. + +this hack shuffles the code in a way that tricks gcc into not generating the +relocation. we need to figure out something better for upstream. + +--- a/elf/get-dynamic-info.h ++++ b/elf/get-dynamic-info.h +@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp) + info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM + + DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn; + else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM) +- info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM +- + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn; ++ { ++ d_tag_utype i = ++ DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM ++ + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM; ++ info[i] = dyn; ++ } + ++dyn; + } + diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-vdso-disable.patch b/sys-libs/glibc/files/2.19/glibc-2.19-vdso-disable.patch new file mode 100644 index 0000000..31ed0d4 --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-vdso-disable.patch @@ -0,0 +1,37 @@ +Disable vdso for some buggy kernels +http://thread.gmane.org/gmane.comp.lib.glibc.user/1903 + +Index: glibc-2.19/elf/dl-support.c +=================================================================== +--- glibc-2.19.orig/elf/dl-support.c ++++ glibc-2.19/elf/dl-support.c +@@ -260,16 +260,6 @@ _dl_aux_init (ElfW(auxv_t) *av) + case AT_FPUCW: + GLRO(dl_fpu_control) = av->a_un.a_val; + break; +-#ifdef NEED_DL_SYSINFO +- case AT_SYSINFO: +- GL(dl_sysinfo) = av->a_un.a_val; +- break; +-#endif +-#ifdef NEED_DL_SYSINFO_DSO +- case AT_SYSINFO_EHDR: +- GL(dl_sysinfo_dso) = (void *) av->a_un.a_val; +- break; +-#endif + case AT_UID: + uid ^= av->a_un.a_val; + seen |= 1; +Index: glibc-2.19/elf/setup-vdso.h +=================================================================== +--- glibc-2.19.orig/elf/setup-vdso.h ++++ glibc-2.19/elf/setup-vdso.h +@@ -20,7 +20,7 @@ static inline void __attribute__ ((alway + setup_vdso (struct link_map *main_map __attribute__ ((unused)), + struct link_map ***first_preload __attribute__ ((unused))) + { +-#ifdef NEED_DL_SYSINFO_DSO ++#if 0 + if (GLRO(dl_sysinfo_dso) == NULL) + return; + diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-configurable-paths.patch b/sys-libs/glibc/files/2.20/glibc-2.20-configurable-paths.patch new file mode 100644 index 0000000..1480595 --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-configurable-paths.patch @@ -0,0 +1,3012 @@ +Index: glibc-2.20/nis/Makefile +=================================================================== +--- glibc-2.20.orig/nis/Makefile ++++ glibc-2.20/nis/Makefile +@@ -58,6 +58,11 @@ libnsl-routines = yp_xdr ypclnt ypupdate + nis_clone_res nss-default + + libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) ++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"' ++CPPFLAGS-compat-grp.c = $(SYSCONF-FLAGS) ++CPPFLAGS-compat-pwd.c = $(SYSCONF-FLAGS) ++CPPFLAGS-compat-spwd.c = $(SYSCONF-FLAGS) ++CPPFLAGS-compat-initgroups.c = $(SYSCONF-FLAGS) + libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) + + libnss_nis-routines := $(addprefix nis-,$(databases)) nis-initgroups \ +Index: glibc-2.20/nis/nss_compat/compat-grp.c +=================================================================== +--- glibc-2.20.orig/nis/nss_compat/compat-grp.c ++++ glibc-2.20/nis/nss_compat/compat-grp.c +@@ -120,7 +120,7 @@ internal_setgrent (ent_t *ent, int stayo + + if (ent->stream == NULL) + { +- ent->stream = fopen ("/etc/group", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/group", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.20/nis/nss_compat/compat-initgroups.c +=================================================================== +--- glibc-2.20.orig/nis/nss_compat/compat-initgroups.c ++++ glibc-2.20/nis/nss_compat/compat-initgroups.c +@@ -136,7 +136,7 @@ internal_setgrent (ent_t *ent) + else + ent->blacklist.current = 0; + +- ent->stream = fopen ("/etc/group", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/group", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.20/nis/nss_compat/compat-pwd.c +=================================================================== +--- glibc-2.20.orig/nis/nss_compat/compat-pwd.c ++++ glibc-2.20/nis/nss_compat/compat-pwd.c +@@ -235,7 +235,7 @@ internal_setpwent (ent_t *ent, int stayo + + if (ent->stream == NULL) + { +- ent->stream = fopen ("/etc/passwd", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/passwd", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.20/nis/nss_compat/compat-spwd.c +=================================================================== +--- glibc-2.20.orig/nis/nss_compat/compat-spwd.c ++++ glibc-2.20/nis/nss_compat/compat-spwd.c +@@ -191,7 +191,7 @@ internal_setspent (ent_t *ent, int stayo + + if (ent->stream == NULL) + { +- ent->stream = fopen ("/etc/shadow", "rme"); ++ ent->stream = fopen (SYSCONFDIR "/shadow", "rme"); + + if (ent->stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; +Index: glibc-2.20/nss/Makefile +=================================================================== +--- glibc-2.20.orig/nss/Makefile ++++ glibc-2.20/nss/Makefile +@@ -41,6 +41,8 @@ extra-objs += $(makedb-modules:=.o) + + tests = test-netdb tst-nss-test1 test-digits-dots + xtests = bug-erange ++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"' ++CPPFLAGS-bug-erange.c = $(SYSCONF-FLAGS) + + # Specify rules for the nss_* modules. We have some services. + services := files db +@@ -57,6 +59,8 @@ vpath %.c $(subdir-dirs) ../locale/progr + + libnss_files-routines := $(addprefix files-,$(databases)) \ + files-initgroups files-have_o_cloexec files-init ++CPPFLAGS-files-init.c = $(SYSCONF-FLAGS) ++CPPFLAGS-files-initgroups.c = $(SYSCONF-FLAGS) + + libnss_db-dbs := $(addprefix db-,\ + $(filter-out hosts network key alias,\ +@@ -102,7 +106,7 @@ $(libnss_db-dbs:%=$(objpfx)%.c): $(objpf + + $(objpfx)makedb: $(makedb-modules:%=$(objpfx)%.o) + +-$(inst_vardbdir)/Makefile: db-Makefile $(+force) ++$(inst_vardbdir)/Makefile: $(objpfx)db-Makefile $(+force) + $(do-install) + + CFLAGS-nss_test1.c = -DNOT_IN_libc=1 +Index: glibc-2.20/nss/bug-erange.c +=================================================================== +--- glibc-2.20.orig/nss/bug-erange.c ++++ glibc-2.20/nss/bug-erange.c +@@ -37,7 +37,7 @@ main (void) + { + printf ("gethostbyname_r failed: %s (errno: %m)\n", strerror (res)); + +- if (access ("/etc/resolv.conf", R_OK)) ++ if (access (SYSCONFDIR "/resolv.conf", R_OK)) + { + puts ("DNS probably not set up"); + return 0; +Index: glibc-2.20/nss/nss_files/files-init.c +=================================================================== +--- glibc-2.20.orig/nss/nss_files/files-init.c ++++ glibc-2.20/nss/nss_files/files-init.c +@@ -35,33 +35,33 @@ static union \ + } \ + } + +-TF (pwd, "/etc/passwd"); +-TF (grp, "/etc/group"); +-TF (hst, "/etc/hosts"); +-TF (resolv, "/etc/resolv.conf", .call_res_init = 1); +-TF (serv, "/etc/services"); +-TF (netgr, "/etc/netgroup"); ++TF (pwd, SYSCONFDIR "/passwd"); ++TF (grp, SYSCONFDIR "/group"); ++TF (hst, SYSCONFDIR "/hosts"); ++TF (resolv, SYSCONFDIR "/resolv.conf", .call_res_init = 1); ++TF (serv, SYSCONFDIR "/services"); ++TF (netgr, SYSCONFDIR "/netgroup"); + + + void + _nss_files_init (void (*cb) (size_t, struct traced_file *)) + { +- strcpy (pwd_traced_file.file.fname, "/etc/passwd"); ++ strcpy (pwd_traced_file.file.fname, SYSCONFDIR "/passwd"); + cb (pwddb, &pwd_traced_file.file); + +- strcpy (grp_traced_file.file.fname, "/etc/group"); ++ strcpy (grp_traced_file.file.fname, SYSCONFDIR "/group"); + cb (grpdb, &grp_traced_file.file); + +- strcpy (hst_traced_file.file.fname, "/etc/hosts"); ++ strcpy (hst_traced_file.file.fname, SYSCONFDIR "/hosts"); + cb (hstdb, &hst_traced_file.file); + +- strcpy (resolv_traced_file.file.fname, "/etc/resolv.conf"); ++ strcpy (resolv_traced_file.file.fname, SYSCONFDIR "/resolv.conf"); + cb (hstdb, &resolv_traced_file.file); + +- strcpy (serv_traced_file.file.fname, "/etc/services"); ++ strcpy (serv_traced_file.file.fname, SYSCONFDIR "/services"); + cb (servdb, &serv_traced_file.file); + +- strcpy (netgr_traced_file.file.fname, "/etc/netgroup"); ++ strcpy (netgr_traced_file.file.fname, SYSCONFDIR "/netgroup"); + cb (netgrdb, &netgr_traced_file.file); + } + +Index: glibc-2.20/nss/nss_files/files-initgroups.c +=================================================================== +--- glibc-2.20.orig/nss/nss_files/files-initgroups.c ++++ glibc-2.20/nss/nss_files/files-initgroups.c +@@ -31,7 +31,7 @@ _nss_files_initgroups_dyn (const char *u + long int *size, gid_t **groupsp, long int limit, + int *errnop) + { +- FILE *stream = fopen ("/etc/group", "rce"); ++ FILE *stream = fopen (SYSCONFDIR "/group", "rce"); + if (stream == NULL) + { + *errnop = errno; +Index: glibc-2.20/nss/db-Makefile +=================================================================== +--- glibc-2.20.orig/nss/db-Makefile ++++ /dev/null +@@ -1,166 +0,0 @@ +-# Makefile to (re-)generate db versions of system database files. +-# Copyright (C) 1996-2014 Free Software Foundation, Inc. +-# This file is part of the GNU C Library. +-# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996. +-# +- +-# The GNU C Library is free software; you can redistribute it and/or +-# modify it under the terms of the GNU Lesser General Public +-# License as published by the Free Software Foundation; either +-# version 2.1 of the License, or (at your option) any later version. +- +-# The GNU C Library is distributed in the hope that it will be useful, +-# but WITHOUT ANY WARRANTY; without even the implied warranty of +-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +-# Lesser General Public License for more details. +- +-# You should have received a copy of the GNU Lesser General Public +-# License along with the GNU C Library; if not, see +-# <http://www.gnu.org/licenses/>. +- +-DATABASES = $(wildcard /etc/passwd /etc/group /etc/ethers /etc/protocols \ +- /etc/rpc /etc/services /etc/shadow /etc/gshadow \ +- /etc/netgroup) +- +-VAR_DB = /var/db +- +-AWK = awk +-MAKEDB = makedb --quiet +- +-all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES))) +- +- +-$(VAR_DB)/passwd.db: /etc/passwd +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$3; print }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/group.db: /etc/group +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$3; print; \ +- if ($$4 != "") { \ +- split($$4, grmems, ","); \ +- for (memidx in grmems) { \ +- mem=grmems[memidx]; \ +- if (members[mem] == "") \ +- members[mem]=$$3; \ +- else \ +- members[mem]=members[mem] "," $$3; \ +- } \ +- delete grmems; } } \ +- END { for (mem in members) \ +- printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/ethers.db: /etc/ethers +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) '/^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$2; print }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/protocols.db: /etc/protocols +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) '/^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$2; print; \ +- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ +- { printf ".%s ", $$i; print } }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/rpc.db: /etc/rpc +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) '/^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print; \ +- printf "=%s ", $$2; print; \ +- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ +- { printf ".%s ", $$i; print } }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/services.db: /etc/services +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS="[ \t/]+" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { sub(/[ \t]*#.*$$/, "");\ +- printf ":%s/%s ", $$1, $$3; print; \ +- printf ":%s/ ", $$1; print; \ +- printf "=%s/%s ", $$2, $$3; print; \ +- printf "=%s/ ", $$2; print; \ +- for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \ +- { printf ":%s/%s ", $$i, $$3; print; \ +- printf ":%s/ ", $$i; print } }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +- +-$(VAR_DB)/shadow.db: /etc/shadow +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ +- (umask 077 && $(MAKEDB) -o $@ -) +- @echo "done." +- @if chgrp shadow $@ 2>/dev/null; then \ +- chmod g+r $@; \ +- else \ +- chown 0 $@; chgrp 0 $@; chmod 600 $@; \ +- echo; \ +- echo "Warning: The shadow password database $@"; \ +- echo "has been set to be readable only by root. You may want"; \ +- echo "to make it readable by the \`shadow' group depending"; \ +- echo "on your configuration."; \ +- echo; \ +- fi +- +-$(VAR_DB)/gshadow.db: /etc/gshadow +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ +- (umask 077 && $(MAKEDB) -o $@ -) +- @echo "done." +- @if chgrp shadow $@ 2>/dev/null; then \ +- chmod g+r $@; \ +- else \ +- chown 0 $@; chgrp 0 $@; chmod 600 $@; \ +- echo; \ +- echo "Warning: The shadow group database $@"; \ +- echo "has been set to be readable only by root. You may want"; \ +- echo "to make it readable by the \`shadow' group depending"; \ +- echo "on your configuration."; \ +- echo; \ +- fi +- +-$(VAR_DB)/netgroup.db: /etc/netgroup +- @echo -n "$(patsubst %.db,%,$(@F))... " +- @$(AWK) 'BEGIN { ini=1 } \ +- /^[ \t]*$$/ { next } \ +- /^[ \t]*#/ { next } \ +- /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \ +- else end=""; \ +- gsub(/[ \t]+/, " "); \ +- sub(/^[ \t]*/, ""); \ +- if (ini == 0) printf "%s%s", $$0, end; \ +- else printf ".%s %s%s", $$1, $$0, end; \ +- ini=end == "" ? 0 : 1; } \ +- END { if (ini==0) printf "\n" }' $^ | \ +- $(MAKEDB) -o $@ - +- @echo "done." +Index: glibc-2.20/nss/db-Makefile.in +=================================================================== +--- /dev/null ++++ glibc-2.20/nss/db-Makefile.in +@@ -0,0 +1,173 @@ ++ ++# Makefile to (re-)generate db versions of system database files. ++# Copyright (C) 1996-2014 Free Software Foundation, Inc. ++# This file is part of the GNU C Library. ++# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996. ++# ++ ++# The GNU C Library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2.1 of the License, or (at your option) any later version. ++ ++# The GNU C Library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++ ++# You should have received a copy of the GNU Lesser General Public ++# License along with the GNU C Library; if not, see ++# <http://www.gnu.org/licenses/>. ++ ++DATABASES = $(wildcard @libc_cv_sysconfdir@/passwd \ ++ @libc_cv_sysconfdir@/group \ ++ @libc_cv_sysconfdir@/ethers \ ++ @libc_cv_sysconfdir@/protocols \ ++ @libc_cv_sysconfdir@/rpc \ ++ @libc_cv_sysconfdir@/services \ ++ @libc_cv_sysconfdir@/shadow \ ++ @libc_cv_sysconfdir@/gshadow \ ++ @libc_cv_sysconfdir@/netgroup) ++ ++VAR_DB = /var/db ++ ++AWK = awk ++MAKEDB = makedb --quiet ++ ++all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES))) ++ ++ ++$(VAR_DB)/passwd.db: @libc_cv_sysconfdir@/passwd ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$3; print }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/group.db: @libc_cv_sysconfdir@/group ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$3; print; \ ++ if ($$4 != "") { \ ++ split($$4, grmems, ","); \ ++ for (memidx in grmems) { \ ++ mem=grmems[memidx]; \ ++ if (members[mem] == "") \ ++ members[mem]=$$3; \ ++ else \ ++ members[mem]=members[mem] "," $$3; \ ++ } \ ++ delete grmems; } } \ ++ END { for (mem in members) \ ++ printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/ethers.db: @libc_cv_sysconfdir@/ethers ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) '/^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$2; print }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/protocols.db: @libc_cv_sysconfdir@/protocols ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) '/^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$2; print; \ ++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ ++ { printf ".%s ", $$i; print } }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/rpc.db: @libc_cv_sysconfdir@/rpc ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) '/^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print; \ ++ printf "=%s ", $$2; print; \ ++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ ++ { printf ".%s ", $$i; print } }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/services.db: @libc_cv_sysconfdir@/services ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS="[ \t/]+" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { sub(/[ \t]*#.*$$/, "");\ ++ printf ":%s/%s ", $$1, $$3; print; \ ++ printf ":%s/ ", $$1; print; \ ++ printf "=%s/%s ", $$2, $$3; print; \ ++ printf "=%s/ ", $$2; print; \ ++ for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \ ++ { printf ":%s/%s ", $$i, $$3; print; \ ++ printf ":%s/ ", $$i; print } }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." ++ ++$(VAR_DB)/shadow.db: @libc_cv_sysconfdir@/shadow ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ ++ (umask 077 && $(MAKEDB) -o $@ -) ++ @echo "done." ++ @if chgrp shadow $@ 2>/dev/null; then \ ++ chmod g+r $@; \ ++ else \ ++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \ ++ echo; \ ++ echo "Warning: The shadow password database $@"; \ ++ echo "has been set to be readable only by root. You may want"; \ ++ echo "to make it readable by the \`shadow' group depending"; \ ++ echo "on your configuration."; \ ++ echo; \ ++ fi ++ ++$(VAR_DB)/gshadow.db: @libc_cv_sysconfdir@/gshadow ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \ ++ (umask 077 && $(MAKEDB) -o $@ -) ++ @echo "done." ++ @if chgrp shadow $@ 2>/dev/null; then \ ++ chmod g+r $@; \ ++ else \ ++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \ ++ echo; \ ++ echo "Warning: The shadow group database $@"; \ ++ echo "has been set to be readable only by root. You may want"; \ ++ echo "to make it readable by the \`shadow' group depending"; \ ++ echo "on your configuration."; \ ++ echo; \ ++ fi ++ ++$(VAR_DB)/netgroup.db: @libc_cv_sysconfdir@/netgroup ++ @echo -n "$(patsubst %.db,%,$(@F))... " ++ @$(AWK) 'BEGIN { ini=1 } \ ++ /^[ \t]*$$/ { next } \ ++ /^[ \t]*#/ { next } \ ++ /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \ ++ else end=""; \ ++ gsub(/[ \t]+/, " "); \ ++ sub(/^[ \t]*/, ""); \ ++ if (ini == 0) printf "%s%s", $$0, end; \ ++ else printf ".%s %s%s", $$1, $$0, end; \ ++ ini=end == "" ? 0 : 1; } \ ++ END { if (ini==0) printf "\n" }' $^ | \ ++ $(MAKEDB) -o $@ - ++ @echo "done." +Index: glibc-2.20/resolv/netdb.h +=================================================================== +--- glibc-2.20.orig/resolv/netdb.h ++++ /dev/null +@@ -1,715 +0,0 @@ +- /* Copyright (C) 1996-2014 Free Software Foundation, Inc. +- This file is part of the GNU C Library. +- +- The GNU C Library is free software; you can redistribute it and/or +- modify it under the terms of the GNU Lesser General Public +- License as published by the Free Software Foundation; either +- version 2.1 of the License, or (at your option) any later version. +- +- The GNU C Library is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- Lesser General Public License for more details. +- +- You should have received a copy of the GNU Lesser General Public +- License along with the GNU C Library; if not, see +- <http://www.gnu.org/licenses/>. */ +- +-/* All data returned by the network data base library are supplied in +- host order and returned in network order (suitable for use in +- system calls). */ +- +-#ifndef _NETDB_H +-#define _NETDB_H 1 +- +-#include <features.h> +- +-#include <netinet/in.h> +-#include <stdint.h> +-#ifdef __USE_MISC +-/* This is necessary to make this include file properly replace the +- Sun version. */ +-# include <rpc/netdb.h> +-#endif +- +-#ifdef __USE_GNU +-# define __need_sigevent_t +-# include <bits/siginfo.h> +-# define __need_timespec +-# include <time.h> +-#endif +- +-#include <bits/netdb.h> +- +-/* Absolute file name for network data base files. */ +-#define _PATH_HEQUIV "/etc/hosts.equiv" +-#define _PATH_HOSTS "/etc/hosts" +-#define _PATH_NETWORKS "/etc/networks" +-#define _PATH_NSSWITCH_CONF "/etc/nsswitch.conf" +-#define _PATH_PROTOCOLS "/etc/protocols" +-#define _PATH_SERVICES "/etc/services" +- +- +-__BEGIN_DECLS +- +-#if defined __USE_MISC || !defined __USE_XOPEN2K8 +-/* Error status for non-reentrant lookup functions. +- We use a macro to access always the thread-specific `h_errno' variable. */ +-# define h_errno (*__h_errno_location ()) +- +-/* Function to get address of global `h_errno' variable. */ +-extern int *__h_errno_location (void) __THROW __attribute__ ((__const__)); +- +- +-/* Possible values left in `h_errno'. */ +-# define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found. */ +-# define TRY_AGAIN 2 /* Non-Authoritative Host not found, +- or SERVERFAIL. */ +-# define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, +- NOTIMP. */ +-# define NO_DATA 4 /* Valid name, no data record of requested +- type. */ +-#endif +-#ifdef __USE_MISC +-# define NETDB_INTERNAL -1 /* See errno. */ +-# define NETDB_SUCCESS 0 /* No problem. */ +-# define NO_ADDRESS NO_DATA /* No address, look for MX record. */ +-#endif +- +-#if defined __USE_XOPEN2K || defined __USE_XOPEN_EXTENDED +-/* Highest reserved Internet port number. */ +-# define IPPORT_RESERVED 1024 +-#endif +- +-#ifdef __USE_GNU +-/* Scope delimiter for getaddrinfo(), getnameinfo(). */ +-# define SCOPE_DELIMITER '%' +-#endif +- +-#ifdef __USE_MISC +-/* Print error indicated by `h_errno' variable on standard error. STR +- if non-null is printed before the error string. */ +-extern void herror (const char *__str) __THROW; +- +-/* Return string associated with error ERR_NUM. */ +-extern const char *hstrerror (int __err_num) __THROW; +-#endif +- +- +-/* Description of data base entry for a single host. */ +-struct hostent +-{ +- char *h_name; /* Official name of host. */ +- char **h_aliases; /* Alias list. */ +- int h_addrtype; /* Host address type. */ +- int h_length; /* Length of address. */ +- char **h_addr_list; /* List of addresses from name server. */ +-#ifdef __USE_MISC +-# define h_addr h_addr_list[0] /* Address, for backward compatibility.*/ +-#endif +-}; +- +-/* Open host data base files and mark them as staying open even after +- a later search if STAY_OPEN is non-zero. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void sethostent (int __stay_open); +- +-/* Close host data base files and clear `stay open' flag. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void endhostent (void); +- +-/* Get next entry from host data base file. Open data base if +- necessary. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct hostent *gethostent (void); +- +-/* Return entry from host data base which address match ADDR with +- length LEN and type TYPE. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct hostent *gethostbyaddr (const void *__addr, __socklen_t __len, +- int __type); +- +-/* Return entry from host data base for host with NAME. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct hostent *gethostbyname (const char *__name); +- +-#ifdef __USE_MISC +-/* Return entry from host data base for host with NAME. AF must be +- set to the address type which is `AF_INET' for IPv4 or `AF_INET6' +- for IPv6. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern struct hostent *gethostbyname2 (const char *__name, int __af); +- +-/* Reentrant versions of the functions above. The additional +- arguments specify a buffer of BUFLEN starting at BUF. The last +- argument is a pointer to a variable which gets the value which +- would be stored in the global variable `herrno' by the +- non-reentrant functions. +- +- These functions are not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation they are cancellation points and +- therefore not marked with __THROW. */ +-extern int gethostent_r (struct hostent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct hostent **__restrict __result, +- int *__restrict __h_errnop); +- +-extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len, +- int __type, +- struct hostent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct hostent **__restrict __result, +- int *__restrict __h_errnop); +- +-extern int gethostbyname_r (const char *__restrict __name, +- struct hostent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct hostent **__restrict __result, +- int *__restrict __h_errnop); +- +-extern int gethostbyname2_r (const char *__restrict __name, int __af, +- struct hostent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct hostent **__restrict __result, +- int *__restrict __h_errnop); +-#endif /* misc */ +- +- +-/* Open network data base files and mark them as staying open even +- after a later search if STAY_OPEN is non-zero. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void setnetent (int __stay_open); +- +-/* Close network data base files and clear `stay open' flag. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void endnetent (void); +- +-/* Get next entry from network data base file. Open data base if +- necessary. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct netent *getnetent (void); +- +-/* Return entry from network data base which address match NET and +- type TYPE. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct netent *getnetbyaddr (uint32_t __net, int __type); +- +-/* Return entry from network data base for network with NAME. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct netent *getnetbyname (const char *__name); +- +-#ifdef __USE_MISC +-/* Reentrant versions of the functions above. The additional +- arguments specify a buffer of BUFLEN starting at BUF. The last +- argument is a pointer to a variable which gets the value which +- would be stored in the global variable `herrno' by the +- non-reentrant functions. +- +- These functions are not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation they are cancellation points and +- therefore not marked with __THROW. */ +-extern int getnetent_r (struct netent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct netent **__restrict __result, +- int *__restrict __h_errnop); +- +-extern int getnetbyaddr_r (uint32_t __net, int __type, +- struct netent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct netent **__restrict __result, +- int *__restrict __h_errnop); +- +-extern int getnetbyname_r (const char *__restrict __name, +- struct netent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct netent **__restrict __result, +- int *__restrict __h_errnop); +-#endif /* misc */ +- +- +-/* Description of data base entry for a single service. */ +-struct servent +-{ +- char *s_name; /* Official service name. */ +- char **s_aliases; /* Alias list. */ +- int s_port; /* Port number. */ +- char *s_proto; /* Protocol to use. */ +-}; +- +-/* Open service data base files and mark them as staying open even +- after a later search if STAY_OPEN is non-zero. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void setservent (int __stay_open); +- +-/* Close service data base files and clear `stay open' flag. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void endservent (void); +- +-/* Get next entry from service data base file. Open data base if +- necessary. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct servent *getservent (void); +- +-/* Return entry from network data base for network with NAME and +- protocol PROTO. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct servent *getservbyname (const char *__name, const char *__proto); +- +-/* Return entry from service data base which matches port PORT and +- protocol PROTO. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct servent *getservbyport (int __port, const char *__proto); +- +- +-#ifdef __USE_MISC +-/* Reentrant versions of the functions above. The additional +- arguments specify a buffer of BUFLEN starting at BUF. +- +- These functions are not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation they are cancellation points and +- therefore not marked with __THROW. */ +-extern int getservent_r (struct servent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct servent **__restrict __result); +- +-extern int getservbyname_r (const char *__restrict __name, +- const char *__restrict __proto, +- struct servent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct servent **__restrict __result); +- +-extern int getservbyport_r (int __port, const char *__restrict __proto, +- struct servent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct servent **__restrict __result); +-#endif /* misc */ +- +- +-/* Description of data base entry for a single service. */ +-struct protoent +-{ +- char *p_name; /* Official protocol name. */ +- char **p_aliases; /* Alias list. */ +- int p_proto; /* Protocol number. */ +-}; +- +-/* Open protocol data base files and mark them as staying open even +- after a later search if STAY_OPEN is non-zero. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void setprotoent (int __stay_open); +- +-/* Close protocol data base files and clear `stay open' flag. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern void endprotoent (void); +- +-/* Get next entry from protocol data base file. Open data base if +- necessary. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct protoent *getprotoent (void); +- +-/* Return entry from protocol data base for network with NAME. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct protoent *getprotobyname (const char *__name); +- +-/* Return entry from protocol data base which number is PROTO. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern struct protoent *getprotobynumber (int __proto); +- +- +-#ifdef __USE_MISC +-/* Reentrant versions of the functions above. The additional +- arguments specify a buffer of BUFLEN starting at BUF. +- +- These functions are not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation they are cancellation points and +- therefore not marked with __THROW. */ +-extern int getprotoent_r (struct protoent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct protoent **__restrict __result); +- +-extern int getprotobyname_r (const char *__restrict __name, +- struct protoent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct protoent **__restrict __result); +- +-extern int getprotobynumber_r (int __proto, +- struct protoent *__restrict __result_buf, +- char *__restrict __buf, size_t __buflen, +- struct protoent **__restrict __result); +- +- +-/* Establish network group NETGROUP for enumeration. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int setnetgrent (const char *__netgroup); +- +-/* Free all space allocated by previous `setnetgrent' call. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern void endnetgrent (void); +- +-/* Get next member of netgroup established by last `setnetgrent' call +- and return pointers to elements in HOSTP, USERP, and DOMAINP. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int getnetgrent (char **__restrict __hostp, +- char **__restrict __userp, +- char **__restrict __domainp); +- +- +-/* Test whether NETGROUP contains the triple (HOST,USER,DOMAIN). +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int innetgr (const char *__netgroup, const char *__host, +- const char *__user, const char *__domain); +- +-/* Reentrant version of `getnetgrent' where result is placed in BUFFER. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int getnetgrent_r (char **__restrict __hostp, +- char **__restrict __userp, +- char **__restrict __domainp, +- char *__restrict __buffer, size_t __buflen); +-#endif /* misc */ +- +- +-#ifdef __USE_MISC +-/* Call `rshd' at port RPORT on remote machine *AHOST to execute CMD. +- The local user is LOCUSER, on the remote machine the command is +- executed as REMUSER. In *FD2P the descriptor to the socket for the +- connection is returned. The caller must have the right to use a +- reserved port. When the function returns *AHOST contains the +- official host name. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int rcmd (char **__restrict __ahost, unsigned short int __rport, +- const char *__restrict __locuser, +- const char *__restrict __remuser, +- const char *__restrict __cmd, int *__restrict __fd2p); +- +-/* This is the equivalent function where the protocol can be selected +- and which therefore can be used for IPv6. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int rcmd_af (char **__restrict __ahost, unsigned short int __rport, +- const char *__restrict __locuser, +- const char *__restrict __remuser, +- const char *__restrict __cmd, int *__restrict __fd2p, +- sa_family_t __af); +- +-/* Call `rexecd' at port RPORT on remote machine *AHOST to execute +- CMD. The process runs at the remote machine using the ID of user +- NAME whose cleartext password is PASSWD. In *FD2P the descriptor +- to the socket for the connection is returned. When the function +- returns *AHOST contains the official host name. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int rexec (char **__restrict __ahost, int __rport, +- const char *__restrict __name, +- const char *__restrict __pass, +- const char *__restrict __cmd, int *__restrict __fd2p); +- +-/* This is the equivalent function where the protocol can be selected +- and which therefore can be used for IPv6. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int rexec_af (char **__restrict __ahost, int __rport, +- const char *__restrict __name, +- const char *__restrict __pass, +- const char *__restrict __cmd, int *__restrict __fd2p, +- sa_family_t __af); +- +-/* Check whether user REMUSER on system RHOST is allowed to login as LOCUSER. +- If SUSER is not zero the user tries to become superuser. Return 0 if +- it is possible. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int ruserok (const char *__rhost, int __suser, +- const char *__remuser, const char *__locuser); +- +-/* This is the equivalent function where the protocol can be selected +- and which therefore can be used for IPv6. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int ruserok_af (const char *__rhost, int __suser, +- const char *__remuser, const char *__locuser, +- sa_family_t __af); +- +-/* Check whether user REMUSER on system indicated by IPv4 address +- RADDR is allowed to login as LOCUSER. Non-IPv4 (e.g., IPv6) are +- not supported. If SUSER is not zero the user tries to become +- superuser. Return 0 if it is possible. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int iruserok (uint32_t __raddr, int __suser, +- const char *__remuser, const char *__locuser); +- +-/* This is the equivalent function where the pfamiliy if the address +- pointed to by RADDR is determined by the value of AF. It therefore +- can be used for IPv6 +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int iruserok_af (const void *__raddr, int __suser, +- const char *__remuser, const char *__locuser, +- sa_family_t __af); +- +-/* Try to allocate reserved port, returning a descriptor for a socket opened +- at this port or -1 if unsuccessful. The search for an available port +- will start at ALPORT and continues with lower numbers. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int rresvport (int *__alport); +- +-/* This is the equivalent function where the protocol can be selected +- and which therefore can be used for IPv6. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int rresvport_af (int *__alport, sa_family_t __af); +-#endif +- +- +-/* Extension from POSIX.1g. */ +-#ifdef __USE_POSIX +-/* Structure to contain information about address of a service provider. */ +-struct addrinfo +-{ +- int ai_flags; /* Input flags. */ +- int ai_family; /* Protocol family for socket. */ +- int ai_socktype; /* Socket type. */ +- int ai_protocol; /* Protocol for socket. */ +- socklen_t ai_addrlen; /* Length of socket address. */ +- struct sockaddr *ai_addr; /* Socket address for socket. */ +- char *ai_canonname; /* Canonical name for service location. */ +- struct addrinfo *ai_next; /* Pointer to next in list. */ +-}; +- +-# ifdef __USE_GNU +-/* Structure used as control block for asynchronous lookup. */ +-struct gaicb +-{ +- const char *ar_name; /* Name to look up. */ +- const char *ar_service; /* Service name. */ +- const struct addrinfo *ar_request; /* Additional request specification. */ +- struct addrinfo *ar_result; /* Pointer to result. */ +- /* The following are internal elements. */ +- int __return; +- int __glibc_reserved[5]; +-}; +- +-/* Lookup mode. */ +-# define GAI_WAIT 0 +-# define GAI_NOWAIT 1 +-# endif +- +-/* Possible values for `ai_flags' field in `addrinfo' structure. */ +-# define AI_PASSIVE 0x0001 /* Socket address is intended for `bind'. */ +-# define AI_CANONNAME 0x0002 /* Request for canonical name. */ +-# define AI_NUMERICHOST 0x0004 /* Don't use name resolution. */ +-# define AI_V4MAPPED 0x0008 /* IPv4 mapped addresses are acceptable. */ +-# define AI_ALL 0x0010 /* Return IPv4 mapped and IPv6 addresses. */ +-# define AI_ADDRCONFIG 0x0020 /* Use configuration of this host to choose +- returned address type.. */ +-# ifdef __USE_GNU +-# define AI_IDN 0x0040 /* IDN encode input (assuming it is encoded +- in the current locale's character set) +- before looking it up. */ +-# define AI_CANONIDN 0x0080 /* Translate canonical name from IDN format. */ +-# define AI_IDN_ALLOW_UNASSIGNED 0x0100 /* Don't reject unassigned Unicode +- code points. */ +-# define AI_IDN_USE_STD3_ASCII_RULES 0x0200 /* Validate strings according to +- STD3 rules. */ +-# endif +-# define AI_NUMERICSERV 0x0400 /* Don't use name resolution. */ +- +-/* Error values for `getaddrinfo' function. */ +-# define EAI_BADFLAGS -1 /* Invalid value for `ai_flags' field. */ +-# define EAI_NONAME -2 /* NAME or SERVICE is unknown. */ +-# define EAI_AGAIN -3 /* Temporary failure in name resolution. */ +-# define EAI_FAIL -4 /* Non-recoverable failure in name res. */ +-# define EAI_FAMILY -6 /* `ai_family' not supported. */ +-# define EAI_SOCKTYPE -7 /* `ai_socktype' not supported. */ +-# define EAI_SERVICE -8 /* SERVICE not supported for `ai_socktype'. */ +-# define EAI_MEMORY -10 /* Memory allocation failure. */ +-# define EAI_SYSTEM -11 /* System error returned in `errno'. */ +-# define EAI_OVERFLOW -12 /* Argument buffer overflow. */ +-# ifdef __USE_GNU +-# define EAI_NODATA -5 /* No address associated with NAME. */ +-# define EAI_ADDRFAMILY -9 /* Address family for NAME not supported. */ +-# define EAI_INPROGRESS -100 /* Processing request in progress. */ +-# define EAI_CANCELED -101 /* Request canceled. */ +-# define EAI_NOTCANCELED -102 /* Request not canceled. */ +-# define EAI_ALLDONE -103 /* All requests done. */ +-# define EAI_INTR -104 /* Interrupted by a signal. */ +-# define EAI_IDN_ENCODE -105 /* IDN encoding failed. */ +-# endif +- +-# ifdef __USE_MISC +-# define NI_MAXHOST 1025 +-# define NI_MAXSERV 32 +-# endif +- +-# define NI_NUMERICHOST 1 /* Don't try to look up hostname. */ +-# define NI_NUMERICSERV 2 /* Don't convert port number to name. */ +-# define NI_NOFQDN 4 /* Only return nodename portion. */ +-# define NI_NAMEREQD 8 /* Don't return numeric addresses. */ +-# define NI_DGRAM 16 /* Look up UDP service rather than TCP. */ +-# ifdef __USE_GNU +-# define NI_IDN 32 /* Convert name from IDN format. */ +-# define NI_IDN_ALLOW_UNASSIGNED 64 /* Don't reject unassigned Unicode +- code points. */ +-# define NI_IDN_USE_STD3_ASCII_RULES 128 /* Validate strings according to +- STD3 rules. */ +-# endif +- +-/* Translate name of a service location and/or a service name to set of +- socket addresses. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern int getaddrinfo (const char *__restrict __name, +- const char *__restrict __service, +- const struct addrinfo *__restrict __req, +- struct addrinfo **__restrict __pai); +- +-/* Free `addrinfo' structure AI including associated storage. */ +-extern void freeaddrinfo (struct addrinfo *__ai) __THROW; +- +-/* Convert error return from getaddrinfo() to a string. */ +-extern const char *gai_strerror (int __ecode) __THROW; +- +-/* Translate a socket address to a location and service name. +- +- This function is a possible cancellation point and therefore not +- marked with __THROW. */ +-extern int getnameinfo (const struct sockaddr *__restrict __sa, +- socklen_t __salen, char *__restrict __host, +- socklen_t __hostlen, char *__restrict __serv, +- socklen_t __servlen, int __flags); +-#endif /* POSIX */ +- +-#ifdef __USE_GNU +-/* Enqueue ENT requests from the LIST. If MODE is GAI_WAIT wait until all +- requests are handled. If WAIT is GAI_NOWAIT return immediately after +- queueing the requests and signal completion according to SIG. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int getaddrinfo_a (int __mode, struct gaicb *__list[__restrict_arr], +- int __ent, struct sigevent *__restrict __sig); +- +-/* Suspend execution of the thread until at least one of the ENT requests +- in LIST is handled. If TIMEOUT is not a null pointer it specifies the +- longest time the function keeps waiting before returning with an error. +- +- This function is not part of POSIX and therefore no official +- cancellation point. But due to similarity with an POSIX interface +- or due to the implementation it is a cancellation point and +- therefore not marked with __THROW. */ +-extern int gai_suspend (const struct gaicb *const __list[], int __ent, +- const struct timespec *__timeout); +- +-/* Get the error status of the request REQ. */ +-extern int gai_error (struct gaicb *__req) __THROW; +- +-/* Cancel the requests associated with GAICBP. */ +-extern int gai_cancel (struct gaicb *__gaicbp) __THROW; +-#endif /* GNU */ +- +-__END_DECLS +- +-#endif /* netdb.h */ +Index: glibc-2.20/resolv/resolv.h +=================================================================== +--- glibc-2.20.orig/resolv/resolv.h ++++ /dev/null +@@ -1,389 +0,0 @@ +-/* +- * Copyright (c) 1983, 1987, 1989 +- * The Regents of the University of California. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 4. Neither the name of the University nor the names of its contributors +- * may be used to endorse or promote products derived from this software +- * without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- */ +- +-/* +- * Portions Copyright (c) 1996-1999 by Internet Software Consortium. +- * +- * Permission to use, copy, modify, and distribute this software for any +- * purpose with or without fee is hereby granted, provided that the above +- * copyright notice and this permission notice appear in all copies. +- * +- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS +- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE +- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR +- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +- * SOFTWARE. +- */ +- +-/* +- * @(#)resolv.h 8.1 (Berkeley) 6/2/93 +- * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $ +- */ +- +-#ifndef _RESOLV_H_ +- +-/* These headers are needed for types used in the `struct res_state' +- declaration. */ +-#include <sys/types.h> +-#include <netinet/in.h> +- +-#ifndef __need_res_state +-# define _RESOLV_H_ +- +-# include <sys/param.h> +-# include <sys/cdefs.h> +-# include <stdio.h> +-# include <arpa/nameser.h> +-#endif +- +-#ifndef __res_state_defined +-# define __res_state_defined +- +-typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error } +- res_sendhookact; +- +-typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns, +- const u_char **__query, +- int *__querylen, +- u_char *__ans, +- int __anssiz, +- int *__resplen); +- +-typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns, +- const u_char *__query, +- int __querylen, +- u_char *__ans, +- int __anssiz, +- int *__resplen); +- +-/* +- * Global defines and variables for resolver stub. +- */ +-# define MAXNS 3 /* max # name servers we'll track */ +-# define MAXDFLSRCH 3 /* # default domain levels to try */ +-# define MAXDNSRCH 6 /* max # domains in search path */ +-# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */ +- +-# define RES_TIMEOUT 5 /* min. seconds between retries */ +-# define MAXRESOLVSORT 10 /* number of net to sort on */ +-# define RES_MAXNDOTS 15 /* should reflect bit field size */ +-# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */ +-# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */ +-# define RES_DFLRETRY 2 /* Default #/tries. */ +-# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */ +- +-struct __res_state { +- int retrans; /* retransmition time interval */ +- int retry; /* number of times to retransmit */ +- u_long options; /* option flags - see below. */ +- int nscount; /* number of name servers */ +- struct sockaddr_in +- nsaddr_list[MAXNS]; /* address of name server */ +-# define nsaddr nsaddr_list[0] /* for backward compatibility */ +- u_short id; /* current message id */ +- /* 2 byte hole here. */ +- char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ +- char defdname[256]; /* default domain (deprecated) */ +- u_long pfcode; /* RES_PRF_ flags - see below. */ +- unsigned ndots:4; /* threshold for initial abs. query */ +- unsigned nsort:4; /* number of elements in sort_list[] */ +- unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */ +- unsigned unused:23; +- struct { +- struct in_addr addr; +- u_int32_t mask; +- } sort_list[MAXRESOLVSORT]; +- /* 4 byte hole here on 64-bit architectures. */ +- res_send_qhook qhook; /* query hook */ +- res_send_rhook rhook; /* response hook */ +- int res_h_errno; /* last one set for this context */ +- int _vcsock; /* PRIVATE: for res_send VC i/o */ +- u_int _flags; /* PRIVATE: see below */ +- /* 4 byte hole here on 64-bit architectures. */ +- union { +- char pad[52]; /* On an i386 this means 512b total. */ +- struct { +- u_int16_t nscount; +- u_int16_t nsmap[MAXNS]; +- int nssocks[MAXNS]; +- u_int16_t nscount6; +- u_int16_t nsinit; +- struct sockaddr_in6 *nsaddrs[MAXNS]; +-#ifdef _LIBC +- unsigned long long int initstamp +- __attribute__((packed)); +-#else +- unsigned int _initstamp[2]; +-#endif +- } _ext; +- } _u; +-}; +- +-typedef struct __res_state *res_state; +-# undef __need_res_state +-#endif +- +-#ifdef _RESOLV_H_ +-/* +- * Revision information. This is the release date in YYYYMMDD format. +- * It can change every day so the right thing to do with it is use it +- * in preprocessor commands such as "#if (__RES > 19931104)". Do not +- * compare for equality; rather, use it to determine whether your resolver +- * is new enough to contain a certain feature. +- */ +- +-#define __RES 19991006 +- +-/* +- * Resolver configuration file. +- * Normally not present, but may contain the address of the +- * inital name server(s) to query and the domain search list. +- */ +- +-#ifndef _PATH_RESCONF +-#define _PATH_RESCONF "/etc/resolv.conf" +-#endif +- +-struct res_sym { +- int number; /* Identifying number, like T_MX */ +- char * name; /* Its symbolic name, like "MX" */ +- char * humanname; /* Its fun name, like "mail exchanger" */ +-}; +- +-/* +- * Resolver flags (used to be discrete per-module statics ints). +- */ +-#define RES_F_VC 0x00000001 /* socket is TCP */ +-#define RES_F_CONN 0x00000002 /* socket is connected */ +-#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */ +- +-/* res_findzonecut() options */ +-#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */ +- +-/* +- * Resolver options (keep these in synch with res_debug.c, please) +- */ +-#define RES_INIT 0x00000001 /* address initialized */ +-#define RES_DEBUG 0x00000002 /* print debug messages */ +-#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/ +-#define RES_USEVC 0x00000008 /* use virtual circuit */ +-#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */ +-#define RES_IGNTC 0x00000020 /* ignore trucation errors */ +-#define RES_RECURSE 0x00000040 /* recursion desired */ +-#define RES_DEFNAMES 0x00000080 /* use default domain name */ +-#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ +-#define RES_DNSRCH 0x00000200 /* search up local domain tree */ +-#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ +-#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ +-#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ +-#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ +-#define RES_ROTATE 0x00004000 /* rotate ns list after each query */ +-#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */ +-#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */ +-#define RES_BLAST 0x00020000 /* blast all recursive servers */ +-#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte +- strings */ +-#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6 +- reverse lookup */ +-#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */ +-#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */ +-#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each +- request */ +-#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */ +-#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name +- as a TLD. */ +- +-#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT) +- +-/* +- * Resolver "pfcode" values. Used by dig. +- */ +-#define RES_PRF_STATS 0x00000001 +-#define RES_PRF_UPDATE 0x00000002 +-#define RES_PRF_CLASS 0x00000004 +-#define RES_PRF_CMD 0x00000008 +-#define RES_PRF_QUES 0x00000010 +-#define RES_PRF_ANS 0x00000020 +-#define RES_PRF_AUTH 0x00000040 +-#define RES_PRF_ADD 0x00000080 +-#define RES_PRF_HEAD1 0x00000100 +-#define RES_PRF_HEAD2 0x00000200 +-#define RES_PRF_TTLID 0x00000400 +-#define RES_PRF_HEADX 0x00000800 +-#define RES_PRF_QUERY 0x00001000 +-#define RES_PRF_REPLY 0x00002000 +-#define RES_PRF_INIT 0x00004000 +-/* 0x00008000 */ +- +-/* Things involving an internal (static) resolver context. */ +-__BEGIN_DECLS +-extern struct __res_state *__res_state(void) __attribute__ ((__const__)); +-__END_DECLS +-#define _res (*__res_state()) +- +-#ifndef __BIND_NOSTATIC +-#define fp_nquery __fp_nquery +-#define fp_query __fp_query +-#define hostalias __hostalias +-#define p_query __p_query +-#define res_close __res_close +-#define res_init __res_init +-#define res_isourserver __res_isourserver +-#define res_mkquery __res_mkquery +-#define res_query __res_query +-#define res_querydomain __res_querydomain +-#define res_search __res_search +-#define res_send __res_send +- +-__BEGIN_DECLS +-void fp_nquery (const u_char *, int, FILE *) __THROW; +-void fp_query (const u_char *, FILE *) __THROW; +-const char * hostalias (const char *) __THROW; +-void p_query (const u_char *) __THROW; +-void res_close (void) __THROW; +-int res_init (void) __THROW; +-int res_isourserver (const struct sockaddr_in *) __THROW; +-int res_mkquery (int, const char *, int, int, const u_char *, +- int, const u_char *, u_char *, int) __THROW; +-int res_query (const char *, int, int, u_char *, int) __THROW; +-int res_querydomain (const char *, const char *, int, int, +- u_char *, int) __THROW; +-int res_search (const char *, int, int, u_char *, int) __THROW; +-int res_send (const u_char *, int, u_char *, int) __THROW; +-__END_DECLS +-#endif +- +-#define b64_ntop __b64_ntop +-#define b64_pton __b64_pton +-#define dn_comp __dn_comp +-#define dn_count_labels __dn_count_labels +-#define dn_expand __dn_expand +-#define dn_skipname __dn_skipname +-#define fp_resstat __fp_resstat +-#define loc_aton __loc_aton +-#define loc_ntoa __loc_ntoa +-#define p_cdname __p_cdname +-#define p_cdnname __p_cdnname +-#define p_class __p_class +-#define p_fqname __p_fqname +-#define p_fqnname __p_fqnname +-#define p_option __p_option +-#define p_secstodate __p_secstodate +-#define p_section __p_section +-#define p_time __p_time +-#define p_type __p_type +-#define p_rcode __p_rcode +-#define putlong __putlong +-#define putshort __putshort +-#define res_dnok __res_dnok +-#define res_hnok __res_hnok +-#define res_hostalias __res_hostalias +-#define res_mailok __res_mailok +-#define res_nameinquery __res_nameinquery +-#define res_nclose __res_nclose +-#define res_ninit __res_ninit +-#define res_nmkquery __res_nmkquery +-#define res_npquery __res_npquery +-#define res_nquery __res_nquery +-#define res_nquerydomain __res_nquerydomain +-#define res_nsearch __res_nsearch +-#define res_nsend __res_nsend +-#define res_nisourserver __res_nisourserver +-#define res_ownok __res_ownok +-#define res_queriesmatch __res_queriesmatch +-#define res_randomid __res_randomid +-#define sym_ntop __sym_ntop +-#define sym_ntos __sym_ntos +-#define sym_ston __sym_ston +-__BEGIN_DECLS +-int res_hnok (const char *) __THROW; +-int res_ownok (const char *) __THROW; +-int res_mailok (const char *) __THROW; +-int res_dnok (const char *) __THROW; +-int sym_ston (const struct res_sym *, const char *, int *) __THROW; +-const char * sym_ntos (const struct res_sym *, int, int *) __THROW; +-const char * sym_ntop (const struct res_sym *, int, int *) __THROW; +-int b64_ntop (u_char const *, size_t, char *, size_t) __THROW; +-int b64_pton (char const *, u_char *, size_t) __THROW; +-int loc_aton (const char *__ascii, u_char *__binary) __THROW; +-const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW; +-int dn_skipname (const u_char *, const u_char *) __THROW; +-void putlong (u_int32_t, u_char *) __THROW; +-void putshort (u_int16_t, u_char *) __THROW; +-const char * p_class (int) __THROW; +-const char * p_time (u_int32_t) __THROW; +-const char * p_type (int) __THROW; +-const char * p_rcode (int) __THROW; +-const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *) +- __THROW; +-const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW; +-const u_char * p_fqnname (const u_char *__cp, const u_char *__msg, +- int, char *, int) __THROW; +-const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW; +-const char * p_option (u_long __option) __THROW; +-char * p_secstodate (u_long) __THROW; +-int dn_count_labels (const char *) __THROW; +-int dn_comp (const char *, u_char *, int, u_char **, u_char **) +- __THROW; +-int dn_expand (const u_char *, const u_char *, const u_char *, +- char *, int) __THROW; +-u_int res_randomid (void) __THROW; +-int res_nameinquery (const char *, int, int, +- const u_char *, const u_char *) __THROW; +-int res_queriesmatch (const u_char *, const u_char *, +- const u_char *, const u_char *) __THROW; +-const char * p_section (int __section, int __opcode) __THROW; +-/* Things involving a resolver context. */ +-int res_ninit (res_state) __THROW; +-int res_nisourserver (const res_state, +- const struct sockaddr_in *) __THROW; +-void fp_resstat (const res_state, FILE *) __THROW; +-void res_npquery (const res_state, const u_char *, int, FILE *) +- __THROW; +-const char * res_hostalias (const res_state, const char *, char *, size_t) +- __THROW; +-int res_nquery (res_state, const char *, int, int, u_char *, int) +- __THROW; +-int res_nsearch (res_state, const char *, int, int, u_char *, int) +- __THROW; +-int res_nquerydomain (res_state, const char *, const char *, int, +- int, u_char *, int) __THROW; +-int res_nmkquery (res_state, int, const char *, int, int, +- const u_char *, int, const u_char *, u_char *, +- int) __THROW; +-int res_nsend (res_state, const u_char *, int, u_char *, int) +- __THROW; +-void res_nclose (res_state) __THROW; +-__END_DECLS +-#endif +- +-#endif /* !_RESOLV_H_ */ +Index: glibc-2.20/shadow/Makefile +=================================================================== +--- glibc-2.20.orig/shadow/Makefile ++++ glibc-2.20/shadow/Makefile +@@ -36,5 +36,6 @@ CFLAGS-fgetspent_r.c = -fexceptions $(li + CFLAGS-putspent.c = -fexceptions $(libio-mtsafe) + CFLAGS-getspnam.c = -fexceptions + CFLAGS-getspnam_r.c = -fexceptions ++CPPFLAGS-lckpwdf.c = -DSYSCONFDIR='"$(sysconfdir)"' + + include ../Rules +Index: glibc-2.20/shadow/lckpwdf.c +=================================================================== +--- glibc-2.20.orig/shadow/lckpwdf.c ++++ glibc-2.20/shadow/lckpwdf.c +@@ -29,7 +29,7 @@ + + + /* Name of the lock file. */ +-#define PWD_LOCKFILE "/etc/.pwd.lock" ++#define PWD_LOCKFILE SYSCONFDIR "/.pwd.lock" + + /* How long to wait for getting the lock before returning with an + error. */ +Index: glibc-2.20/configure.ac +=================================================================== +--- glibc-2.20.orig/configure.ac ++++ glibc-2.20/configure.ac +@@ -2038,7 +2038,8 @@ RELEASE=`sed -n -e 's/^#define RELEASE " + AC_SUBST(VERSION) + AC_SUBST(RELEASE) + +-AC_CONFIG_FILES([config.make Makefile]) ++AC_CONFIG_FILES([config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h ++ sysdeps/generic/ldconfig.h]) + AC_CONFIG_COMMANDS([default],[[ + case $CONFIG_FILES in *config.make*) + echo "$config_vars" >> config.make;; +Index: glibc-2.20/resolv/netdb.h.in +=================================================================== +--- /dev/null ++++ glibc-2.20/resolv/netdb.h.in +@@ -0,0 +1,715 @@ ++ /* Copyright (C) 1996-2014 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++/* All data returned by the network data base library are supplied in ++ host order and returned in network order (suitable for use in ++ system calls). */ ++ ++#ifndef _NETDB_H ++#define _NETDB_H 1 ++ ++#include <features.h> ++ ++#include <netinet/in.h> ++#include <stdint.h> ++#ifdef __USE_MISC ++/* This is necessary to make this include file properly replace the ++ Sun version. */ ++# include <rpc/netdb.h> ++#endif ++ ++#ifdef __USE_GNU ++# define __need_sigevent_t ++# include <bits/siginfo.h> ++# define __need_timespec ++# include <time.h> ++#endif ++ ++#include <bits/netdb.h> ++ ++/* Absolute file name for network data base files. */ ++#define _PATH_HEQUIV "@libc_cv_sysconfdir@/hosts.equiv" ++#define _PATH_HOSTS "@libc_cv_sysconfdir@/hosts" ++#define _PATH_NETWORKS "@libc_cv_sysconfdir@/networks" ++#define _PATH_NSSWITCH_CONF "@libc_cv_sysconfdir@/nsswitch.conf" ++#define _PATH_PROTOCOLS "@libc_cv_sysconfdir@/protocols" ++#define _PATH_SERVICES "@libc_cv_sysconfdir@/services" ++ ++ ++__BEGIN_DECLS ++ ++#if defined __USE_MISC || !defined __USE_XOPEN2K8 ++/* Error status for non-reentrant lookup functions. ++ We use a macro to access always the thread-specific `h_errno' variable. */ ++# define h_errno (*__h_errno_location ()) ++ ++/* Function to get address of global `h_errno' variable. */ ++extern int *__h_errno_location (void) __THROW __attribute__ ((__const__)); ++ ++ ++/* Possible values left in `h_errno'. */ ++# define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found. */ ++# define TRY_AGAIN 2 /* Non-Authoritative Host not found, ++ or SERVERFAIL. */ ++# define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, ++ NOTIMP. */ ++# define NO_DATA 4 /* Valid name, no data record of requested ++ type. */ ++#endif ++#ifdef __USE_MISC ++# define NETDB_INTERNAL -1 /* See errno. */ ++# define NETDB_SUCCESS 0 /* No problem. */ ++# define NO_ADDRESS NO_DATA /* No address, look for MX record. */ ++#endif ++ ++#if defined __USE_XOPEN2K || defined __USE_XOPEN_EXTENDED ++/* Highest reserved Internet port number. */ ++# define IPPORT_RESERVED 1024 ++#endif ++ ++#ifdef __USE_GNU ++/* Scope delimiter for getaddrinfo(), getnameinfo(). */ ++# define SCOPE_DELIMITER '%' ++#endif ++ ++#ifdef __USE_MISC ++/* Print error indicated by `h_errno' variable on standard error. STR ++ if non-null is printed before the error string. */ ++extern void herror (const char *__str) __THROW; ++ ++/* Return string associated with error ERR_NUM. */ ++extern const char *hstrerror (int __err_num) __THROW; ++#endif ++ ++ ++/* Description of data base entry for a single host. */ ++struct hostent ++{ ++ char *h_name; /* Official name of host. */ ++ char **h_aliases; /* Alias list. */ ++ int h_addrtype; /* Host address type. */ ++ int h_length; /* Length of address. */ ++ char **h_addr_list; /* List of addresses from name server. */ ++#ifdef __USE_MISC ++# define h_addr h_addr_list[0] /* Address, for backward compatibility.*/ ++#endif ++}; ++ ++/* Open host data base files and mark them as staying open even after ++ a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void sethostent (int __stay_open); ++ ++/* Close host data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endhostent (void); ++ ++/* Get next entry from host data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct hostent *gethostent (void); ++ ++/* Return entry from host data base which address match ADDR with ++ length LEN and type TYPE. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct hostent *gethostbyaddr (const void *__addr, __socklen_t __len, ++ int __type); ++ ++/* Return entry from host data base for host with NAME. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct hostent *gethostbyname (const char *__name); ++ ++#ifdef __USE_MISC ++/* Return entry from host data base for host with NAME. AF must be ++ set to the address type which is `AF_INET' for IPv4 or `AF_INET6' ++ for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern struct hostent *gethostbyname2 (const char *__name, int __af); ++ ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. The last ++ argument is a pointer to a variable which gets the value which ++ would be stored in the global variable `herrno' by the ++ non-reentrant functions. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int gethostent_r (struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len, ++ int __type, ++ struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int gethostbyname_r (const char *__restrict __name, ++ struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int gethostbyname2_r (const char *__restrict __name, int __af, ++ struct hostent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct hostent **__restrict __result, ++ int *__restrict __h_errnop); ++#endif /* misc */ ++ ++ ++/* Open network data base files and mark them as staying open even ++ after a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void setnetent (int __stay_open); ++ ++/* Close network data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endnetent (void); ++ ++/* Get next entry from network data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct netent *getnetent (void); ++ ++/* Return entry from network data base which address match NET and ++ type TYPE. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct netent *getnetbyaddr (uint32_t __net, int __type); ++ ++/* Return entry from network data base for network with NAME. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct netent *getnetbyname (const char *__name); ++ ++#ifdef __USE_MISC ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. The last ++ argument is a pointer to a variable which gets the value which ++ would be stored in the global variable `herrno' by the ++ non-reentrant functions. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int getnetent_r (struct netent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct netent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int getnetbyaddr_r (uint32_t __net, int __type, ++ struct netent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct netent **__restrict __result, ++ int *__restrict __h_errnop); ++ ++extern int getnetbyname_r (const char *__restrict __name, ++ struct netent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct netent **__restrict __result, ++ int *__restrict __h_errnop); ++#endif /* misc */ ++ ++ ++/* Description of data base entry for a single service. */ ++struct servent ++{ ++ char *s_name; /* Official service name. */ ++ char **s_aliases; /* Alias list. */ ++ int s_port; /* Port number. */ ++ char *s_proto; /* Protocol to use. */ ++}; ++ ++/* Open service data base files and mark them as staying open even ++ after a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void setservent (int __stay_open); ++ ++/* Close service data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endservent (void); ++ ++/* Get next entry from service data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct servent *getservent (void); ++ ++/* Return entry from network data base for network with NAME and ++ protocol PROTO. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct servent *getservbyname (const char *__name, const char *__proto); ++ ++/* Return entry from service data base which matches port PORT and ++ protocol PROTO. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct servent *getservbyport (int __port, const char *__proto); ++ ++ ++#ifdef __USE_MISC ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int getservent_r (struct servent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct servent **__restrict __result); ++ ++extern int getservbyname_r (const char *__restrict __name, ++ const char *__restrict __proto, ++ struct servent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct servent **__restrict __result); ++ ++extern int getservbyport_r (int __port, const char *__restrict __proto, ++ struct servent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct servent **__restrict __result); ++#endif /* misc */ ++ ++ ++/* Description of data base entry for a single service. */ ++struct protoent ++{ ++ char *p_name; /* Official protocol name. */ ++ char **p_aliases; /* Alias list. */ ++ int p_proto; /* Protocol number. */ ++}; ++ ++/* Open protocol data base files and mark them as staying open even ++ after a later search if STAY_OPEN is non-zero. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void setprotoent (int __stay_open); ++ ++/* Close protocol data base files and clear `stay open' flag. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern void endprotoent (void); ++ ++/* Get next entry from protocol data base file. Open data base if ++ necessary. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct protoent *getprotoent (void); ++ ++/* Return entry from protocol data base for network with NAME. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct protoent *getprotobyname (const char *__name); ++ ++/* Return entry from protocol data base which number is PROTO. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern struct protoent *getprotobynumber (int __proto); ++ ++ ++#ifdef __USE_MISC ++/* Reentrant versions of the functions above. The additional ++ arguments specify a buffer of BUFLEN starting at BUF. ++ ++ These functions are not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation they are cancellation points and ++ therefore not marked with __THROW. */ ++extern int getprotoent_r (struct protoent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct protoent **__restrict __result); ++ ++extern int getprotobyname_r (const char *__restrict __name, ++ struct protoent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct protoent **__restrict __result); ++ ++extern int getprotobynumber_r (int __proto, ++ struct protoent *__restrict __result_buf, ++ char *__restrict __buf, size_t __buflen, ++ struct protoent **__restrict __result); ++ ++ ++/* Establish network group NETGROUP for enumeration. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int setnetgrent (const char *__netgroup); ++ ++/* Free all space allocated by previous `setnetgrent' call. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern void endnetgrent (void); ++ ++/* Get next member of netgroup established by last `setnetgrent' call ++ and return pointers to elements in HOSTP, USERP, and DOMAINP. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int getnetgrent (char **__restrict __hostp, ++ char **__restrict __userp, ++ char **__restrict __domainp); ++ ++ ++/* Test whether NETGROUP contains the triple (HOST,USER,DOMAIN). ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int innetgr (const char *__netgroup, const char *__host, ++ const char *__user, const char *__domain); ++ ++/* Reentrant version of `getnetgrent' where result is placed in BUFFER. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int getnetgrent_r (char **__restrict __hostp, ++ char **__restrict __userp, ++ char **__restrict __domainp, ++ char *__restrict __buffer, size_t __buflen); ++#endif /* misc */ ++ ++ ++#ifdef __USE_MISC ++/* Call `rshd' at port RPORT on remote machine *AHOST to execute CMD. ++ The local user is LOCUSER, on the remote machine the command is ++ executed as REMUSER. In *FD2P the descriptor to the socket for the ++ connection is returned. The caller must have the right to use a ++ reserved port. When the function returns *AHOST contains the ++ official host name. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rcmd (char **__restrict __ahost, unsigned short int __rport, ++ const char *__restrict __locuser, ++ const char *__restrict __remuser, ++ const char *__restrict __cmd, int *__restrict __fd2p); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rcmd_af (char **__restrict __ahost, unsigned short int __rport, ++ const char *__restrict __locuser, ++ const char *__restrict __remuser, ++ const char *__restrict __cmd, int *__restrict __fd2p, ++ sa_family_t __af); ++ ++/* Call `rexecd' at port RPORT on remote machine *AHOST to execute ++ CMD. The process runs at the remote machine using the ID of user ++ NAME whose cleartext password is PASSWD. In *FD2P the descriptor ++ to the socket for the connection is returned. When the function ++ returns *AHOST contains the official host name. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rexec (char **__restrict __ahost, int __rport, ++ const char *__restrict __name, ++ const char *__restrict __pass, ++ const char *__restrict __cmd, int *__restrict __fd2p); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rexec_af (char **__restrict __ahost, int __rport, ++ const char *__restrict __name, ++ const char *__restrict __pass, ++ const char *__restrict __cmd, int *__restrict __fd2p, ++ sa_family_t __af); ++ ++/* Check whether user REMUSER on system RHOST is allowed to login as LOCUSER. ++ If SUSER is not zero the user tries to become superuser. Return 0 if ++ it is possible. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int ruserok (const char *__rhost, int __suser, ++ const char *__remuser, const char *__locuser); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int ruserok_af (const char *__rhost, int __suser, ++ const char *__remuser, const char *__locuser, ++ sa_family_t __af); ++ ++/* Check whether user REMUSER on system indicated by IPv4 address ++ RADDR is allowed to login as LOCUSER. Non-IPv4 (e.g., IPv6) are ++ not supported. If SUSER is not zero the user tries to become ++ superuser. Return 0 if it is possible. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int iruserok (uint32_t __raddr, int __suser, ++ const char *__remuser, const char *__locuser); ++ ++/* This is the equivalent function where the pfamiliy if the address ++ pointed to by RADDR is determined by the value of AF. It therefore ++ can be used for IPv6 ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int iruserok_af (const void *__raddr, int __suser, ++ const char *__remuser, const char *__locuser, ++ sa_family_t __af); ++ ++/* Try to allocate reserved port, returning a descriptor for a socket opened ++ at this port or -1 if unsuccessful. The search for an available port ++ will start at ALPORT and continues with lower numbers. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rresvport (int *__alport); ++ ++/* This is the equivalent function where the protocol can be selected ++ and which therefore can be used for IPv6. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int rresvport_af (int *__alport, sa_family_t __af); ++#endif ++ ++ ++/* Extension from POSIX.1g. */ ++#ifdef __USE_POSIX ++/* Structure to contain information about address of a service provider. */ ++struct addrinfo ++{ ++ int ai_flags; /* Input flags. */ ++ int ai_family; /* Protocol family for socket. */ ++ int ai_socktype; /* Socket type. */ ++ int ai_protocol; /* Protocol for socket. */ ++ socklen_t ai_addrlen; /* Length of socket address. */ ++ struct sockaddr *ai_addr; /* Socket address for socket. */ ++ char *ai_canonname; /* Canonical name for service location. */ ++ struct addrinfo *ai_next; /* Pointer to next in list. */ ++}; ++ ++# ifdef __USE_GNU ++/* Structure used as control block for asynchronous lookup. */ ++struct gaicb ++{ ++ const char *ar_name; /* Name to look up. */ ++ const char *ar_service; /* Service name. */ ++ const struct addrinfo *ar_request; /* Additional request specification. */ ++ struct addrinfo *ar_result; /* Pointer to result. */ ++ /* The following are internal elements. */ ++ int __return; ++ int __glibc_reserved[5]; ++}; ++ ++/* Lookup mode. */ ++# define GAI_WAIT 0 ++# define GAI_NOWAIT 1 ++# endif ++ ++/* Possible values for `ai_flags' field in `addrinfo' structure. */ ++# define AI_PASSIVE 0x0001 /* Socket address is intended for `bind'. */ ++# define AI_CANONNAME 0x0002 /* Request for canonical name. */ ++# define AI_NUMERICHOST 0x0004 /* Don't use name resolution. */ ++# define AI_V4MAPPED 0x0008 /* IPv4 mapped addresses are acceptable. */ ++# define AI_ALL 0x0010 /* Return IPv4 mapped and IPv6 addresses. */ ++# define AI_ADDRCONFIG 0x0020 /* Use configuration of this host to choose ++ returned address type.. */ ++# ifdef __USE_GNU ++# define AI_IDN 0x0040 /* IDN encode input (assuming it is encoded ++ in the current locale's character set) ++ before looking it up. */ ++# define AI_CANONIDN 0x0080 /* Translate canonical name from IDN format. */ ++# define AI_IDN_ALLOW_UNASSIGNED 0x0100 /* Don't reject unassigned Unicode ++ code points. */ ++# define AI_IDN_USE_STD3_ASCII_RULES 0x0200 /* Validate strings according to ++ STD3 rules. */ ++# endif ++# define AI_NUMERICSERV 0x0400 /* Don't use name resolution. */ ++ ++/* Error values for `getaddrinfo' function. */ ++# define EAI_BADFLAGS -1 /* Invalid value for `ai_flags' field. */ ++# define EAI_NONAME -2 /* NAME or SERVICE is unknown. */ ++# define EAI_AGAIN -3 /* Temporary failure in name resolution. */ ++# define EAI_FAIL -4 /* Non-recoverable failure in name res. */ ++# define EAI_FAMILY -6 /* `ai_family' not supported. */ ++# define EAI_SOCKTYPE -7 /* `ai_socktype' not supported. */ ++# define EAI_SERVICE -8 /* SERVICE not supported for `ai_socktype'. */ ++# define EAI_MEMORY -10 /* Memory allocation failure. */ ++# define EAI_SYSTEM -11 /* System error returned in `errno'. */ ++# define EAI_OVERFLOW -12 /* Argument buffer overflow. */ ++# ifdef __USE_GNU ++# define EAI_NODATA -5 /* No address associated with NAME. */ ++# define EAI_ADDRFAMILY -9 /* Address family for NAME not supported. */ ++# define EAI_INPROGRESS -100 /* Processing request in progress. */ ++# define EAI_CANCELED -101 /* Request canceled. */ ++# define EAI_NOTCANCELED -102 /* Request not canceled. */ ++# define EAI_ALLDONE -103 /* All requests done. */ ++# define EAI_INTR -104 /* Interrupted by a signal. */ ++# define EAI_IDN_ENCODE -105 /* IDN encoding failed. */ ++# endif ++ ++# ifdef __USE_MISC ++# define NI_MAXHOST 1025 ++# define NI_MAXSERV 32 ++# endif ++ ++# define NI_NUMERICHOST 1 /* Don't try to look up hostname. */ ++# define NI_NUMERICSERV 2 /* Don't convert port number to name. */ ++# define NI_NOFQDN 4 /* Only return nodename portion. */ ++# define NI_NAMEREQD 8 /* Don't return numeric addresses. */ ++# define NI_DGRAM 16 /* Look up UDP service rather than TCP. */ ++# ifdef __USE_GNU ++# define NI_IDN 32 /* Convert name from IDN format. */ ++# define NI_IDN_ALLOW_UNASSIGNED 64 /* Don't reject unassigned Unicode ++ code points. */ ++# define NI_IDN_USE_STD3_ASCII_RULES 128 /* Validate strings according to ++ STD3 rules. */ ++# endif ++ ++/* Translate name of a service location and/or a service name to set of ++ socket addresses. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern int getaddrinfo (const char *__restrict __name, ++ const char *__restrict __service, ++ const struct addrinfo *__restrict __req, ++ struct addrinfo **__restrict __pai); ++ ++/* Free `addrinfo' structure AI including associated storage. */ ++extern void freeaddrinfo (struct addrinfo *__ai) __THROW; ++ ++/* Convert error return from getaddrinfo() to a string. */ ++extern const char *gai_strerror (int __ecode) __THROW; ++ ++/* Translate a socket address to a location and service name. ++ ++ This function is a possible cancellation point and therefore not ++ marked with __THROW. */ ++extern int getnameinfo (const struct sockaddr *__restrict __sa, ++ socklen_t __salen, char *__restrict __host, ++ socklen_t __hostlen, char *__restrict __serv, ++ socklen_t __servlen, int __flags); ++#endif /* POSIX */ ++ ++#ifdef __USE_GNU ++/* Enqueue ENT requests from the LIST. If MODE is GAI_WAIT wait until all ++ requests are handled. If WAIT is GAI_NOWAIT return immediately after ++ queueing the requests and signal completion according to SIG. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int getaddrinfo_a (int __mode, struct gaicb *__list[__restrict_arr], ++ int __ent, struct sigevent *__restrict __sig); ++ ++/* Suspend execution of the thread until at least one of the ENT requests ++ in LIST is handled. If TIMEOUT is not a null pointer it specifies the ++ longest time the function keeps waiting before returning with an error. ++ ++ This function is not part of POSIX and therefore no official ++ cancellation point. But due to similarity with an POSIX interface ++ or due to the implementation it is a cancellation point and ++ therefore not marked with __THROW. */ ++extern int gai_suspend (const struct gaicb *const __list[], int __ent, ++ const struct timespec *__timeout); ++ ++/* Get the error status of the request REQ. */ ++extern int gai_error (struct gaicb *__req) __THROW; ++ ++/* Cancel the requests associated with GAICBP. */ ++extern int gai_cancel (struct gaicb *__gaicbp) __THROW; ++#endif /* GNU */ ++ ++__END_DECLS ++ ++#endif /* netdb.h */ +Index: glibc-2.20/resolv/resolv.h.in +=================================================================== +--- /dev/null ++++ glibc-2.20/resolv/resolv.h.in +@@ -0,0 +1,389 @@ ++/* ++ * Copyright (c) 1983, 1987, 1989 ++ * The Regents of the University of California. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 4. Neither the name of the University nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++/* ++ * Portions Copyright (c) 1996-1999 by Internet Software Consortium. ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE ++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ++ * SOFTWARE. ++ */ ++ ++/* ++ * @(#)resolv.h 8.1 (Berkeley) 6/2/93 ++ * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $ ++ */ ++ ++#ifndef _RESOLV_H_ ++ ++/* These headers are needed for types used in the `struct res_state' ++ declaration. */ ++#include <sys/types.h> ++#include <netinet/in.h> ++ ++#ifndef __need_res_state ++# define _RESOLV_H_ ++ ++# include <sys/param.h> ++# include <sys/cdefs.h> ++# include <stdio.h> ++# include <arpa/nameser.h> ++#endif ++ ++#ifndef __res_state_defined ++# define __res_state_defined ++ ++typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error } ++ res_sendhookact; ++ ++typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns, ++ const u_char **__query, ++ int *__querylen, ++ u_char *__ans, ++ int __anssiz, ++ int *__resplen); ++ ++typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns, ++ const u_char *__query, ++ int __querylen, ++ u_char *__ans, ++ int __anssiz, ++ int *__resplen); ++ ++/* ++ * Global defines and variables for resolver stub. ++ */ ++# define MAXNS 3 /* max # name servers we'll track */ ++# define MAXDFLSRCH 3 /* # default domain levels to try */ ++# define MAXDNSRCH 6 /* max # domains in search path */ ++# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */ ++ ++# define RES_TIMEOUT 5 /* min. seconds between retries */ ++# define MAXRESOLVSORT 10 /* number of net to sort on */ ++# define RES_MAXNDOTS 15 /* should reflect bit field size */ ++# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */ ++# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */ ++# define RES_DFLRETRY 2 /* Default #/tries. */ ++# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */ ++ ++struct __res_state { ++ int retrans; /* retransmition time interval */ ++ int retry; /* number of times to retransmit */ ++ u_long options; /* option flags - see below. */ ++ int nscount; /* number of name servers */ ++ struct sockaddr_in ++ nsaddr_list[MAXNS]; /* address of name server */ ++# define nsaddr nsaddr_list[0] /* for backward compatibility */ ++ u_short id; /* current message id */ ++ /* 2 byte hole here. */ ++ char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ ++ char defdname[256]; /* default domain (deprecated) */ ++ u_long pfcode; /* RES_PRF_ flags - see below. */ ++ unsigned ndots:4; /* threshold for initial abs. query */ ++ unsigned nsort:4; /* number of elements in sort_list[] */ ++ unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */ ++ unsigned unused:23; ++ struct { ++ struct in_addr addr; ++ u_int32_t mask; ++ } sort_list[MAXRESOLVSORT]; ++ /* 4 byte hole here on 64-bit architectures. */ ++ res_send_qhook qhook; /* query hook */ ++ res_send_rhook rhook; /* response hook */ ++ int res_h_errno; /* last one set for this context */ ++ int _vcsock; /* PRIVATE: for res_send VC i/o */ ++ u_int _flags; /* PRIVATE: see below */ ++ /* 4 byte hole here on 64-bit architectures. */ ++ union { ++ char pad[52]; /* On an i386 this means 512b total. */ ++ struct { ++ u_int16_t nscount; ++ u_int16_t nsmap[MAXNS]; ++ int nssocks[MAXNS]; ++ u_int16_t nscount6; ++ u_int16_t nsinit; ++ struct sockaddr_in6 *nsaddrs[MAXNS]; ++#ifdef _LIBC ++ unsigned long long int initstamp ++ __attribute__((packed)); ++#else ++ unsigned int _initstamp[2]; ++#endif ++ } _ext; ++ } _u; ++}; ++ ++typedef struct __res_state *res_state; ++# undef __need_res_state ++#endif ++ ++#ifdef _RESOLV_H_ ++/* ++ * Revision information. This is the release date in YYYYMMDD format. ++ * It can change every day so the right thing to do with it is use it ++ * in preprocessor commands such as "#if (__RES > 19931104)". Do not ++ * compare for equality; rather, use it to determine whether your resolver ++ * is new enough to contain a certain feature. ++ */ ++ ++#define __RES 19991006 ++ ++/* ++ * Resolver configuration file. ++ * Normally not present, but may contain the address of the ++ * inital name server(s) to query and the domain search list. ++ */ ++ ++#ifndef _PATH_RESCONF ++#define _PATH_RESCONF "@libc_cv_sysconfdir@/resolv.conf" ++#endif ++ ++struct res_sym { ++ int number; /* Identifying number, like T_MX */ ++ char * name; /* Its symbolic name, like "MX" */ ++ char * humanname; /* Its fun name, like "mail exchanger" */ ++}; ++ ++/* ++ * Resolver flags (used to be discrete per-module statics ints). ++ */ ++#define RES_F_VC 0x00000001 /* socket is TCP */ ++#define RES_F_CONN 0x00000002 /* socket is connected */ ++#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */ ++ ++/* res_findzonecut() options */ ++#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */ ++ ++/* ++ * Resolver options (keep these in synch with res_debug.c, please) ++ */ ++#define RES_INIT 0x00000001 /* address initialized */ ++#define RES_DEBUG 0x00000002 /* print debug messages */ ++#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/ ++#define RES_USEVC 0x00000008 /* use virtual circuit */ ++#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */ ++#define RES_IGNTC 0x00000020 /* ignore trucation errors */ ++#define RES_RECURSE 0x00000040 /* recursion desired */ ++#define RES_DEFNAMES 0x00000080 /* use default domain name */ ++#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ ++#define RES_DNSRCH 0x00000200 /* search up local domain tree */ ++#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ ++#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ ++#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ ++#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ ++#define RES_ROTATE 0x00004000 /* rotate ns list after each query */ ++#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */ ++#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */ ++#define RES_BLAST 0x00020000 /* blast all recursive servers */ ++#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte ++ strings */ ++#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6 ++ reverse lookup */ ++#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */ ++#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */ ++#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each ++ request */ ++#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */ ++#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name ++ as a TLD. */ ++ ++#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT) ++ ++/* ++ * Resolver "pfcode" values. Used by dig. ++ */ ++#define RES_PRF_STATS 0x00000001 ++#define RES_PRF_UPDATE 0x00000002 ++#define RES_PRF_CLASS 0x00000004 ++#define RES_PRF_CMD 0x00000008 ++#define RES_PRF_QUES 0x00000010 ++#define RES_PRF_ANS 0x00000020 ++#define RES_PRF_AUTH 0x00000040 ++#define RES_PRF_ADD 0x00000080 ++#define RES_PRF_HEAD1 0x00000100 ++#define RES_PRF_HEAD2 0x00000200 ++#define RES_PRF_TTLID 0x00000400 ++#define RES_PRF_HEADX 0x00000800 ++#define RES_PRF_QUERY 0x00001000 ++#define RES_PRF_REPLY 0x00002000 ++#define RES_PRF_INIT 0x00004000 ++/* 0x00008000 */ ++ ++/* Things involving an internal (static) resolver context. */ ++__BEGIN_DECLS ++extern struct __res_state *__res_state(void) __attribute__ ((__const__)); ++__END_DECLS ++#define _res (*__res_state()) ++ ++#ifndef __BIND_NOSTATIC ++#define fp_nquery __fp_nquery ++#define fp_query __fp_query ++#define hostalias __hostalias ++#define p_query __p_query ++#define res_close __res_close ++#define res_init __res_init ++#define res_isourserver __res_isourserver ++#define res_mkquery __res_mkquery ++#define res_query __res_query ++#define res_querydomain __res_querydomain ++#define res_search __res_search ++#define res_send __res_send ++ ++__BEGIN_DECLS ++void fp_nquery (const u_char *, int, FILE *) __THROW; ++void fp_query (const u_char *, FILE *) __THROW; ++const char * hostalias (const char *) __THROW; ++void p_query (const u_char *) __THROW; ++void res_close (void) __THROW; ++int res_init (void) __THROW; ++int res_isourserver (const struct sockaddr_in *) __THROW; ++int res_mkquery (int, const char *, int, int, const u_char *, ++ int, const u_char *, u_char *, int) __THROW; ++int res_query (const char *, int, int, u_char *, int) __THROW; ++int res_querydomain (const char *, const char *, int, int, ++ u_char *, int) __THROW; ++int res_search (const char *, int, int, u_char *, int) __THROW; ++int res_send (const u_char *, int, u_char *, int) __THROW; ++__END_DECLS ++#endif ++ ++#define b64_ntop __b64_ntop ++#define b64_pton __b64_pton ++#define dn_comp __dn_comp ++#define dn_count_labels __dn_count_labels ++#define dn_expand __dn_expand ++#define dn_skipname __dn_skipname ++#define fp_resstat __fp_resstat ++#define loc_aton __loc_aton ++#define loc_ntoa __loc_ntoa ++#define p_cdname __p_cdname ++#define p_cdnname __p_cdnname ++#define p_class __p_class ++#define p_fqname __p_fqname ++#define p_fqnname __p_fqnname ++#define p_option __p_option ++#define p_secstodate __p_secstodate ++#define p_section __p_section ++#define p_time __p_time ++#define p_type __p_type ++#define p_rcode __p_rcode ++#define putlong __putlong ++#define putshort __putshort ++#define res_dnok __res_dnok ++#define res_hnok __res_hnok ++#define res_hostalias __res_hostalias ++#define res_mailok __res_mailok ++#define res_nameinquery __res_nameinquery ++#define res_nclose __res_nclose ++#define res_ninit __res_ninit ++#define res_nmkquery __res_nmkquery ++#define res_npquery __res_npquery ++#define res_nquery __res_nquery ++#define res_nquerydomain __res_nquerydomain ++#define res_nsearch __res_nsearch ++#define res_nsend __res_nsend ++#define res_nisourserver __res_nisourserver ++#define res_ownok __res_ownok ++#define res_queriesmatch __res_queriesmatch ++#define res_randomid __res_randomid ++#define sym_ntop __sym_ntop ++#define sym_ntos __sym_ntos ++#define sym_ston __sym_ston ++__BEGIN_DECLS ++int res_hnok (const char *) __THROW; ++int res_ownok (const char *) __THROW; ++int res_mailok (const char *) __THROW; ++int res_dnok (const char *) __THROW; ++int sym_ston (const struct res_sym *, const char *, int *) __THROW; ++const char * sym_ntos (const struct res_sym *, int, int *) __THROW; ++const char * sym_ntop (const struct res_sym *, int, int *) __THROW; ++int b64_ntop (u_char const *, size_t, char *, size_t) __THROW; ++int b64_pton (char const *, u_char *, size_t) __THROW; ++int loc_aton (const char *__ascii, u_char *__binary) __THROW; ++const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW; ++int dn_skipname (const u_char *, const u_char *) __THROW; ++void putlong (u_int32_t, u_char *) __THROW; ++void putshort (u_int16_t, u_char *) __THROW; ++const char * p_class (int) __THROW; ++const char * p_time (u_int32_t) __THROW; ++const char * p_type (int) __THROW; ++const char * p_rcode (int) __THROW; ++const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *) ++ __THROW; ++const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW; ++const u_char * p_fqnname (const u_char *__cp, const u_char *__msg, ++ int, char *, int) __THROW; ++const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW; ++const char * p_option (u_long __option) __THROW; ++char * p_secstodate (u_long) __THROW; ++int dn_count_labels (const char *) __THROW; ++int dn_comp (const char *, u_char *, int, u_char **, u_char **) ++ __THROW; ++int dn_expand (const u_char *, const u_char *, const u_char *, ++ char *, int) __THROW; ++u_int res_randomid (void) __THROW; ++int res_nameinquery (const char *, int, int, ++ const u_char *, const u_char *) __THROW; ++int res_queriesmatch (const u_char *, const u_char *, ++ const u_char *, const u_char *) __THROW; ++const char * p_section (int __section, int __opcode) __THROW; ++/* Things involving a resolver context. */ ++int res_ninit (res_state) __THROW; ++int res_nisourserver (const res_state, ++ const struct sockaddr_in *) __THROW; ++void fp_resstat (const res_state, FILE *) __THROW; ++void res_npquery (const res_state, const u_char *, int, FILE *) ++ __THROW; ++const char * res_hostalias (const res_state, const char *, char *, size_t) ++ __THROW; ++int res_nquery (res_state, const char *, int, int, u_char *, int) ++ __THROW; ++int res_nsearch (res_state, const char *, int, int, u_char *, int) ++ __THROW; ++int res_nquerydomain (res_state, const char *, const char *, int, ++ int, u_char *, int) __THROW; ++int res_nmkquery (res_state, int, const char *, int, int, ++ const u_char *, int, const u_char *, u_char *, ++ int) __THROW; ++int res_nsend (res_state, const u_char *, int, u_char *, int) ++ __THROW; ++void res_nclose (res_state) __THROW; ++__END_DECLS ++#endif ++ ++#endif /* !_RESOLV_H_ */ +Index: glibc-2.20/configure +=================================================================== +--- glibc-2.20.orig/configure ++++ glibc-2.20/configure +@@ -7177,7 +7177,7 @@ RELEASE=`sed -n -e 's/^#define RELEASE " + + + +-ac_config_files="$ac_config_files config.make Makefile" ++ac_config_files="$ac_config_files config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h sysdeps/generic/ldconfig.h" + + ac_config_commands="$ac_config_commands default" + +@@ -7897,6 +7897,10 @@ do + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "config.make") CONFIG_FILES="$CONFIG_FILES config.make" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; ++ "nss/db-Makefile") CONFIG_FILES="$CONFIG_FILES nss/db-Makefile" ;; ++ "resolv/netdb.h") CONFIG_FILES="$CONFIG_FILES resolv/netdb.h" ;; ++ "resolv/resolv.h") CONFIG_FILES="$CONFIG_FILES resolv/resolv.h" ;; ++ "sysdeps/generic/ldconfig.h") CONFIG_FILES="$CONFIG_FILES sysdeps/generic/ldconfig.h" ;; + "default") CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; +Index: glibc-2.20/sysdeps/generic/ldconfig.h +=================================================================== +--- glibc-2.20.orig/sysdeps/generic/ldconfig.h ++++ /dev/null +@@ -1,94 +0,0 @@ +-/* Copyright (C) 1999-2014 Free Software Foundation, Inc. +- This file is part of the GNU C Library. +- Contributed by Andreas Jaeger <aj@suse.de>, 1999. +- +- The GNU C Library is free software; you can redistribute it and/or +- modify it under the terms of the GNU Lesser General Public +- License as published by the Free Software Foundation; either +- version 2.1 of the License, or (at your option) any later version. +- +- The GNU C Library is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- Lesser General Public License for more details. +- +- You should have received a copy of the GNU Lesser General Public +- License along with the GNU C Library; if not, see +- <http://www.gnu.org/licenses/>. */ +- +-#ifndef _LDCONFIG_H +-#define _LDCONFIG_H +- +-#include <stdint.h> +- +-#define FLAG_ANY -1 +-#define FLAG_TYPE_MASK 0x00ff +-#define FLAG_LIBC4 0x0000 +-#define FLAG_ELF 0x0001 +-#define FLAG_ELF_LIBC5 0x0002 +-#define FLAG_ELF_LIBC6 0x0003 +-#define FLAG_REQUIRED_MASK 0xff00 +-#define FLAG_SPARC_LIB64 0x0100 +-#define FLAG_IA64_LIB64 0x0200 +-#define FLAG_X8664_LIB64 0x0300 +-#define FLAG_S390_LIB64 0x0400 +-#define FLAG_POWERPC_LIB64 0x0500 +-#define FLAG_MIPS64_LIBN32 0x0600 +-#define FLAG_MIPS64_LIBN64 0x0700 +-#define FLAG_X8664_LIBX32 0x0800 +-#define FLAG_ARM_LIBHF 0x0900 +-#define FLAG_AARCH64_LIB64 0x0a00 +-#define FLAG_ARM_LIBSF 0x0b00 +-#define FLAG_MIPS_LIB32_NAN2008 0x0c00 +-#define FLAG_MIPS64_LIBN32_NAN2008 0x0d00 +-#define FLAG_MIPS64_LIBN64_NAN2008 0x0e00 +- +-/* Name of auxiliary cache. */ +-#define _PATH_LDCONFIG_AUX_CACHE "/var/cache/ldconfig/aux-cache" +- +-/* Declared in cache.c. */ +-extern void print_cache (const char *cache_name); +- +-extern void init_cache (void); +- +-extern void save_cache (const char *cache_name); +- +-extern void add_to_cache (const char *path, const char *lib, int flags, +- unsigned int osversion, uint64_t hwcap); +- +-extern void init_aux_cache (void); +- +-extern void load_aux_cache (const char *aux_cache_name); +- +-extern int search_aux_cache (struct stat64 *stat_buf, int *flags, +- unsigned int *osversion, char **soname); +- +-extern void add_to_aux_cache (struct stat64 *stat_buf, int flags, +- unsigned int osversion, const char *soname); +- +-extern void save_aux_cache (const char *aux_cache_name); +- +-/* Declared in readlib.c. */ +-extern int process_file (const char *real_file_name, const char *file_name, +- const char *lib, int *flag, unsigned int *osversion, +- char **soname, int is_link, struct stat64 *stat_buf); +- +-extern char *implicit_soname (const char *lib, int flag); +- +-/* Declared in readelflib.c. */ +-extern int process_elf_file (const char *file_name, const char *lib, int *flag, +- unsigned int *osversion, char **soname, +- void *file_contents, size_t file_length); +- +-/* Declared in chroot_canon.c. */ +-extern char *chroot_canon (const char *chroot, const char *name); +- +-/* Declared in ldconfig.c. */ +-extern int opt_verbose; +- +-extern int opt_format; +- +-/* Prototypes for a few program-wide used functions. */ +-#include <programs/xmalloc.h> +- +-#endif /* ! _LDCONFIG_H */ +Index: glibc-2.20/sysdeps/generic/ldconfig.h.in +=================================================================== +--- /dev/null ++++ glibc-2.20/sysdeps/generic/ldconfig.h.in +@@ -0,0 +1,94 @@ ++/* Copyright (C) 1999-2014 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ Contributed by Andreas Jaeger <aj@suse.de>, 1999. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++#ifndef _LDCONFIG_H ++#define _LDCONFIG_H ++ ++#include <stdint.h> ++ ++#define FLAG_ANY -1 ++#define FLAG_TYPE_MASK 0x00ff ++#define FLAG_LIBC4 0x0000 ++#define FLAG_ELF 0x0001 ++#define FLAG_ELF_LIBC5 0x0002 ++#define FLAG_ELF_LIBC6 0x0003 ++#define FLAG_REQUIRED_MASK 0xff00 ++#define FLAG_SPARC_LIB64 0x0100 ++#define FLAG_IA64_LIB64 0x0200 ++#define FLAG_X8664_LIB64 0x0300 ++#define FLAG_S390_LIB64 0x0400 ++#define FLAG_POWERPC_LIB64 0x0500 ++#define FLAG_MIPS64_LIBN32 0x0600 ++#define FLAG_MIPS64_LIBN64 0x0700 ++#define FLAG_X8664_LIBX32 0x0800 ++#define FLAG_ARM_LIBHF 0x0900 ++#define FLAG_AARCH64_LIB64 0x0a00 ++#define FLAG_ARM_LIBSF 0x0b00 ++#define FLAG_MIPS_LIB32_NAN2008 0x0c00 ++#define FLAG_MIPS64_LIBN32_NAN2008 0x0d00 ++#define FLAG_MIPS64_LIBN64_NAN2008 0x0e00 ++ ++/* Name of auxiliary cache. */ ++#define _PATH_LDCONFIG_AUX_CACHE "@libc_cv_localstatedir@/cache/ldconfig/aux-cache" ++ ++/* Declared in cache.c. */ ++extern void print_cache (const char *cache_name); ++ ++extern void init_cache (void); ++ ++extern void save_cache (const char *cache_name); ++ ++extern void add_to_cache (const char *path, const char *lib, int flags, ++ unsigned int osversion, uint64_t hwcap); ++ ++extern void init_aux_cache (void); ++ ++extern void load_aux_cache (const char *aux_cache_name); ++ ++extern int search_aux_cache (struct stat64 *stat_buf, int *flags, ++ unsigned int *osversion, char **soname); ++ ++extern void add_to_aux_cache (struct stat64 *stat_buf, int flags, ++ unsigned int osversion, const char *soname); ++ ++extern void save_aux_cache (const char *aux_cache_name); ++ ++/* Declared in readlib.c. */ ++extern int process_file (const char *real_file_name, const char *file_name, ++ const char *lib, int *flag, unsigned int *osversion, ++ char **soname, int is_link, struct stat64 *stat_buf); ++ ++extern char *implicit_soname (const char *lib, int flag); ++ ++/* Declared in readelflib.c. */ ++extern int process_elf_file (const char *file_name, const char *lib, int *flag, ++ unsigned int *osversion, char **soname, ++ void *file_contents, size_t file_length); ++ ++/* Declared in chroot_canon.c. */ ++extern char *chroot_canon (const char *chroot, const char *name); ++ ++/* Declared in ldconfig.c. */ ++extern int opt_verbose; ++ ++extern int opt_format; ++ ++/* Prototypes for a few program-wide used functions. */ ++#include <programs/xmalloc.h> ++ ++#endif /* ! _LDCONFIG_H */ diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c new file mode 100644 index 0000000..a8ab9d8 --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c @@ -0,0 +1,299 @@ +/* Copyright (C) 2004-2014 Free Software Foundation, Inc. + Copyright (C) 2006-2014 Gentoo Foundation Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Hardened Gentoo SSP and FORTIFY handler + + A failure handler that does not use functions from the rest of glibc; + it uses the INTERNAL_SYSCALL methods directly. This helps ensure no + possibility of recursion into the handler. + + Direct all bug reports to http://bugs.gentoo.org/ + + People who have contributed significantly to the evolution of this file: + Ned Ludd - <solar[@]gentoo.org> + Alexander Gabert - <pappy[@]gentoo.org> + The PaX Team - <pageexec[@]freemail.hu> + Peter S. Mazinger - <ps.m[@]gmx.net> + Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + Robert Connolly - <robert[@]linuxfromscratch.org> + Cory Visi <cory[@]visi.name> + Mike Frysinger <vapier[@]gentoo.org> + Magnus Granberg <zorry[@]gentoo.org> + Kevin F. Quinn - <kevquinn[@]gentoo.org> + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static const char *__progname = "<ldso>"; +#else +extern const char *__progname; +#endif + +#ifdef GENTOO_SSP_HANDLER +# define ERROR_MSG "stack smashing" +#else +# define ERROR_MSG "buffer overflow" +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__, __always_inline__)) +static inline void +__hardened_gentoo_fail(void) +{ +#define MESSAGE_BUFSIZ 512 + static pid_t pid; + static int plen, i, hlen; + static char message[MESSAGE_BUFSIZ]; + /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */ + static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: "; + static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: "; + static const char msg_terminated[] = " terminated; "; + static const char msg_report[] = "report to " REPORT_BUGS_TO "\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address */ + sock.sun_family = AF_UNIX; + i = 0; + while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) { + sock.sun_path[i] = path_log[i]; + ++i; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + ({ \ + i = 0; \ + while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \ + message[plen + i] = str[i]; \ + ++i; \ + } \ + plen += i; \ + }) + + /* Tersely log the failure */ + plen = 0; + strconcat(msg_header); + hlen = plen; + strconcat(msg_ssd); + if (__progname != NULL) + strconcat(__progname); + else + strconcat(msg_unknown); + strconcat(msg_terminated); + strconcat(msg_report); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen); + if (connect_result != -1) { + INLINE_SYSCALL(write, 3, log_socket, message, plen); + INLINE_SYSCALL(close, 1, log_socket); + } + + /* Time to kill self since we have no idea what is going on */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + /* Remove any user-supplied handler for SIGABRT, before using it. */ +#if 0 + /* + * Note: Disabled because some programs catch & process their + * own crashes. We've already enabled this code path which + * means we want to let core dumps happen. + */ + static struct sigaction default_abort_act; + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) +#endif + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* SIGKILL is only signal which cannot be caught */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway. + * The loop prevents gcc thinking this routine returns. + */ + while (1) + INLINE_SYSCALL(exit, 1, 137); +} + +__attribute__ ((__noreturn__)) +#ifdef GENTOO_SSP_HANDLER +void __stack_chk_fail(void) +#else +void __chk_fail(void) +#endif +{ + __hardened_gentoo_fail(); +} diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c new file mode 100644 index 0000000..4a537bb --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c @@ -0,0 +1,2 @@ +#define GENTOO_SSP_HANDLER +#include <debug/chk_fail.c> diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch new file mode 100644 index 0000000..35eabe9 --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch @@ -0,0 +1,306 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_PRE_TLS is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> +Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org> +Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org> + +--- a/csu/libc-start.c ++++ b/csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char + } + } + ++# ifdef INTERNAL_SYSCALL_PRE_TLS ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_PRE_TLS + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- a/csu/libc-tls.c ++++ b/csu/libc-tls.c +@@ -22,12 +22,17 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif ++ + dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; + + +@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# define __sbrk __sbrk_nosysenter ++#endif + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV + is defined add another #elif here and in the following #ifs. */ + # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" + #endif ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# undef __sbrk ++#endif + + /* Align the TLS block. */ + tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) +--- a/misc/sbrk.c ++++ b/misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used via ++ dynamic loading in a statically linked program update __curbrk from the ++ kernel's brk value. That way two separate instances of __brk and __sbrk ++ can share the heap, returning interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif ++ + void * + __sbrk (intptr_t increment) + { +--- a/sysdeps/unix/sysv/linux/i386/brk.c ++++ b/sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif ++ + int + __brk (void *addr) + { +--- a/sysdeps/unix/sysv/linux/i386/sysdep.h ++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +494,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" +--- a/sysdeps/i386/nptl/tls.h ++++ b/sysdeps/i386/nptl/tls.h +@@ -189,6 +189,15 @@ + desc->vals[3] = 0x51; + } + ++/* We have no sysenter until the tls is initialized which is a ++ problem for PIC. Thus we need to do the right call depending ++ on the situation. */ ++#ifndef INTERNAL_SYSCALL_PRE_TLS ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL ++#else ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS ++#endif ++ + /* Code to initially initialize the thread pointer. This might need + special attention since 'errno' is not yet available and if the + operation can cause a failure 'errno' must not be touched. */ +@@ -209,7 +218,7 @@ + \ + /* Install the TLS. */ \ + INTERNAL_SYSCALL_DECL (err); \ +- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ ++ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ + \ + if (_result == 0) \ + /* We know the index in the GDT, now load the segment register. \ diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch b/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch new file mode 100644 index 0000000..2b2de6b --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch @@ -0,0 +1,20 @@ +disable vdso loading in ELF handler unconditionally for some buggy kernel +like that shipped with RHEL(likely CentOS and SL) 5.6 + + https://bugzilla.redhat.com/show_bug.cgi?id=673616 + +Benda Xu <heroxbd@gentoo.org> (24 Nov, 2014) + +Index: work/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h +=================================================================== +--- work.orig/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h ++++ work/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h +@@ -23,7 +23,7 @@ + machines, we should look at it for unwind information even if + we aren't making direct use of it. So enable this across the board. */ + +-#define NEED_DL_SYSINFO_DSO 1 ++#define NEED_DL_SYSINFO_DSO 0 + + + #ifndef __ASSEMBLER__ diff --git a/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch b/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch new file mode 100644 index 0000000..7c4399f --- /dev/null +++ b/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch @@ -0,0 +1,68 @@ +#! /bin/sh -e + +# DP: Description: Fix localedef segfault when run under exec-shield, +# PaX or similar. (#231438, #198099) +# DP: Dpatch Author: James Troup <james@nocrew.org> +# DP: Patch Author: (probably) Jakub Jelinek <jakub@redhat.com> +# DP: Upstream status: Unknown +# DP: Status Details: Unknown +# DP: Date: 2004-03-16 + +if [ $# -ne 2 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -d "$2" -f --no-backup-if-mismatch -p1 < $0;; + -unpatch) patch -d "$2" -f --no-backup-if-mismatch -R -p1 < $0;; + *) + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +esac +exit 0 + +--- glibc-2.3.3-net/locale/programs/3level.h 16 Jun 2003 07:19:09 -0000 1.1.1.5 ++++ glibc-2.3.3-redhat/locale/programs/3level.h 16 Jun 2003 09:32:40 -0000 1.4 +@@ -204,6 +204,42 @@ CONCAT(TABLE,_iterate) (struct TABLE *t, + } + } + } ++ ++/* GCC ATM seems to do a poor job with pointers to nested functions passed ++ to inlined functions. Help it a little bit with this hack. */ ++#define wchead_table_iterate(tp, fn) \ ++do \ ++ { \ ++ struct wchead_table *t = (tp); \ ++ uint32_t index1; \ ++ for (index1 = 0; index1 < t->level1_size; index1++) \ ++ { \ ++ uint32_t lookup1 = t->level1[index1]; \ ++ if (lookup1 != ((uint32_t) ~0)) \ ++ { \ ++ uint32_t lookup1_shifted = lookup1 << t->q; \ ++ uint32_t index2; \ ++ for (index2 = 0; index2 < (1 << t->q); index2++) \ ++ { \ ++ uint32_t lookup2 = t->level2[index2 + lookup1_shifted]; \ ++ if (lookup2 != ((uint32_t) ~0)) \ ++ { \ ++ uint32_t lookup2_shifted = lookup2 << t->p; \ ++ uint32_t index3; \ ++ for (index3 = 0; index3 < (1 << t->p); index3++) \ ++ { \ ++ struct element_t *lookup3 \ ++ = t->level3[index3 + lookup2_shifted]; \ ++ if (lookup3 != NULL) \ ++ fn ((((index1 << t->q) + index2) << t->p) + index3, \ ++ lookup3); \ ++ } \ ++ } \ ++ } \ ++ } \ ++ } \ ++ } while (0) ++ + #endif + + #ifndef NO_FINALIZE diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c new file mode 100644 index 0000000..e304440 --- /dev/null +++ b/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c @@ -0,0 +1,311 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + */ + +#include <errno.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> +#include <bp-checks.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigation && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +#endif + + + +/* Define DO_SOCKET/DO_CONNECT macros to deal with socketcall vs socket/connect */ +#ifdef __NR_socketcall + +# define DO_SOCKET(result,domain,type,protocol) \ + {socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall,2,SOCKOP_socket,socketargs);} + +# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \ + {socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall,2,SOCKOP_connect,socketargs);} + +#else + +# define DO_SOCKET(result,domain,type,protocol) \ + {result = INLINE_SYSCALL(socket,3,domain,type,protocol);} + +# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \ + {result = INLINE_SYSCALL(connect,3,sockfd,serv_addr,addrlen);} + +#endif +/* __NR_socketcall */ + + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[]=_PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + + +/* Common handler code, used by stack_chk_fail and __stack_smash_handler + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +static inline void +__attribute__ ((__noreturn__ , __always_inline__)) +__hardened_gentoo_stack_chk_fail (char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[]=": stack smashing attack"; + static const char msg_inf[]=" in function "; + static const char msg_ssd[]="*** stack smashing detected ***: "; + static const char msg_terminated[]=" - terminated\n"; + static const char msg_report[]="Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[]="<unknown>"; +#ifdef SSP_SMASH_DUMPS_CORE + static struct sigaction default_abort_act; +#endif + static int log_socket, connect_result; + static struct sockaddr_un sock; +#ifdef __NR_socketcall + static unsigned long int socketargs[4]; +#endif + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i=0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) + { + sock.sun_path[i]=path_log[i]; + i++; + } + sock.sun_path[i]='\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result=-1; + DO_SOCKET(log_socket,AF_UNIX,SOCK_DGRAM,0); + if (log_socket != -1) + DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock))); + if (connect_result == -1) + { + if (log_socket != -1) + INLINE_SYSCALL(close,1,log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket,AF_UNIX,SOCK_STREAM,0); + if (log_socket != -1) + DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock))); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen=0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); + if (connect_result != -1) + INLINE_SYSCALL(write,3,log_socket,message,plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen=0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func!=NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); + if (connect_result != -1) + INLINE_SYSCALL(write,3,log_socket,message,plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); + if (connect_result != -1) + INLINE_SYSCALL(write,3,log_socket,message,plen); + + if (log_socket != -1) + INLINE_SYSCALL(close,1,log_socket); + + /* Suicide */ + pid=INLINE_SYSCALL(getpid,0); +#ifdef SSP_SMASH_DUMPS_CORE + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + /* sigaction doesn't exist on amd64; however rt_sigaction seems to + * exist everywhere. rt_sigaction has an extra parameter - the + * size of sigset_t. + */ +# ifdef __NR_sigation + if (INLINE_SYSCALL(sigaction,3,SIGABRT,&default_abort_act,NULL) == 0) +# else + /* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG + if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_KERNEL_NSIG/8) == 0) +# else + if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_NSIG/8) == 0) +# endif +# endif + INLINE_SYSCALL(kill,2,pid,SIGABRT); +#endif + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill,2,pid,SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) INLINE_SYSCALL(exit,0); +} + +void +__attribute__ ((__noreturn__)) + __stack_chk_fail (void) +{ + __hardened_gentoo_stack_chk_fail(NULL,0); +} + +#ifdef ENABLE_OLD_SSP_COMPAT +void +__attribute__ ((__noreturn__)) +__stack_smash_handler(char func[], int damaged) +{ + __hardened_gentoo_stack_chk_fail(func,damaged); +} +#endif + diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch new file mode 100644 index 0000000..253a61b --- /dev/null +++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch @@ -0,0 +1,29 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> + +--- configure.in ++++ configure.in +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + pic_default=no + fi + rm -f conftest.* diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch new file mode 100644 index 0000000..420e6fd --- /dev/null +++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch @@ -0,0 +1,283 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> + +--- csu/libc-start.c.orig 2007-01-21 11:51:06.000000000 +0100 ++++ csu/libc-start.c 2007-01-21 11:55:57.000000000 +0100 +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void) +@@ -133,6 +134,14 @@ + # endif + _dl_aux_init (auxvec); + # endif ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP ++ if (__pthread_initialize_minimal) ++# endif ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -142,15 +151,17 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. If there is no thread library and we + handle TLS the function is defined in the libc to initialized the + TLS handling. */ +-# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP ++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP + if (__pthread_initialize_minimal) +-# endif ++# endif + __pthread_initialize_minimal (); ++# endif + #endif + + # ifndef SHARED +--- csu/libc-tls.c.orig 2007-01-21 11:37:02.000000000 +0100 ++++ csu/libc-tls.c 2007-01-21 12:09:33.000000000 +0100 +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED +@@ -30,6 +31,9 @@ + #endif + + #ifdef USE_TLS ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++# endif + extern ElfW(Phdr) *_dl_phdr; + extern size_t _dl_phnum; + +@@ -142,14 +146,26 @@ + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + # if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++# endif + # elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# endif + tlsblock += TLS_PRE_TCB_SIZE; + # else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c.orig 2007-01-21 11:38:27.000000000 +0100 ++++ misc/sbrk.c 2007-01-21 12:07:29.000000000 +0100 +@@ -18,6 +18,7 @@ + + #include <unistd.h> + #include <errno.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c.orig 2007-01-21 11:39:16.000000000 +0100 ++++ sysdeps/unix/sysv/linux/i386/brk.c 2007-01-21 11:44:01.000000000 +0100 +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *__unbounded newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, ++ __ptrvalue (addr)); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h.orig 2007-01-21 13:08:00.000000000 +0100 ++++ sysdeps/unix/sysv/linux/i386/sysdep.h 2007-01-21 13:19:10.000000000 +0100 +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch new file mode 100644 index 0000000..46f3de4 --- /dev/null +++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch @@ -0,0 +1,39 @@ +Change link commands for glibc executables to build PIEs + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> + +--- Makeconfig ++++ Makeconfig +@@ -415,10 +415,10 @@ + + # Command for linking programs with the C library. + ifndef +link +-+link = $(CC) -nostdlib -nostartfiles -o $@ \ +++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \ + $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ + $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ +- $(addprefix $(csu-objpfx),$(start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(start-installed-name)) \ + $(+preinit) $(+prector) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -429,7 +429,7 @@ + ifndef +link-static + +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prector) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -528,8 +528,8 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) --print-file-name=crtbegin.o` +-+postctor = `$(CC) --print-file-name=crtend.o` +++prector = `$(CC) --print-file-name=crtbeginS.o` +++postctor = `$(CC) --print-file-name=crtendS.o` + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c new file mode 100644 index 0000000..217bf1a --- /dev/null +++ b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c @@ -0,0 +1,321 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2007 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + */ + +#include <errno.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> +#include <bp-checks.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + + +/* Common handler code, used by stack_chk_fail and __stack_smash_handler + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_stack_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": stack smashing attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** stack smashing detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __stack_chk_fail(void) +{ + __hardened_gentoo_stack_chk_fail(NULL, 0); +} + +#ifdef ENABLE_OLD_SSP_COMPAT +__attribute__ ((__noreturn__)) +void __stack_smash_handler(char func[], int damaged) +{ + __hardened_gentoo_stack_chk_fail(func, damaged); +} +#endif diff --git a/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch new file mode 100644 index 0000000..be8ca19 --- /dev/null +++ b/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch @@ -0,0 +1,273 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> + +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -129,6 +130,11 @@ + # endif + _dl_aux_init (auxvec); + # endif ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + #endif + + # ifndef SHARED +--- csu/libc-tls.c ++++ csu/libc-tls.c +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED +@@ -29,6 +30,9 @@ + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif + extern ElfW(Phdr) *_dl_phdr; + extern size_t _dl_phnum; + +@@ -141,14 +145,26 @@ + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++# endif + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# endif + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c ++++ misc/sbrk.c +@@ -18,6 +18,7 @@ + + #include <unistd.h> + #include <errno.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c ++++ sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *__unbounded newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, ++ __ptrvalue (addr)); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h ++++ sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch new file mode 100644 index 0000000..ecf57a9 --- /dev/null +++ b/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch @@ -0,0 +1,273 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> + +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -129,6 +130,11 @@ + # endif + _dl_aux_init (auxvec); + # endif ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- csu/libc-tls.c ++++ csu/libc-tls.c +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED +@@ -29,6 +30,9 @@ + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif + extern ElfW(Phdr) *_dl_phdr; + extern size_t _dl_phnum; + +@@ -141,14 +145,26 @@ + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++# endif + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# endif + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c ++++ misc/sbrk.c +@@ -18,6 +18,7 @@ + + #include <unistd.h> + #include <errno.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c ++++ sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *__unbounded newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, ++ __ptrvalue (addr)); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h ++++ sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/eblits/common.eblit b/sys-libs/glibc/files/eblits/common.eblit new file mode 100644 index 0000000..e56f10e --- /dev/null +++ b/sys-libs/glibc/files/eblits/common.eblit @@ -0,0 +1,380 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +alt_prefix() { + is_crosscompile && echo /usr/${CTARGET} +} + +if [[ ${EAPI:-0} == [012] ]] ; then + : ${ED:=${D}} + : ${EROOT:=${ROOT}} +fi +# This indirection is for binpkgs. #523332 +_nonfatal() { nonfatal "$@" ; } +if [[ ${EAPI:-0} == [0123] ]] ; then + nonfatal() { "$@" ; } + _nonfatal() { "$@" ; } +fi + +# We need to be able to set alternative headers for +# compiling for non-native platform +# Will also become useful for testing kernel-headers without screwing up +# the whole system. +# note: intentionally undocumented. +alt_headers() { + echo ${ALT_HEADERS:=$(alt_prefix)/usr/include} +} +alt_build_headers() { + if [[ -z ${ALT_BUILD_HEADERS} ]] ; then + ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)" + if tc-is-cross-compiler ; then + ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers) + if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then + local header_path=$(echo '#include <linux/version.h>' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h') + ALT_BUILD_HEADERS=${header_path%/linux/version.h} + fi + fi + fi + echo "${ALT_BUILD_HEADERS}" +} + +alt_libdir() { + echo $(alt_prefix)/$(get_libdir) +} +alt_usrlibdir() { + echo $(alt_prefix)/usr/$(get_libdir) +} + +builddir() { + echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1" +} + +setup_target_flags() { + # This largely mucks with compiler flags. None of which should matter + # when building up just the headers. + just_headers && return 0 + + case $(tc-arch) in + x86) + # -march needed for #185404 #199334 + # TODO: When creating the first glibc cross-compile, this test will + # always fail as it does a full link which in turn requires glibc. + # Probably also applies when changing multilib profile settings (e.g. + # enabling x86 when the profile was amd64-only previously). + # We could change main to _start and pass -nostdlib here so that we + # only test the gcc code compilation. Or we could do a compile and + # then look for the symbol via scanelf. + if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then + local t=${CTARGET_OPT:-${CTARGET}} + t=${t%%-*} + filter-flags '-march=*' + export CFLAGS="-march=${t} ${CFLAGS}" + einfo "Auto adding -march=${t} to CFLAGS #185404" + fi + ;; + amd64) + # -march needed for #185404 #199334 + # Note: This test only matters when the x86 ABI is enabled, so we could + # optimize a bit and elide it. + # TODO: See cross-compile issues listed above for x86. + if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then + local t=${CTARGET_OPT:-${CTARGET}} + t=${t%%-*} + # Normally the target is x86_64-xxx, so turn that into the -march that + # gcc actually accepts. #528708 + [[ ${t} == "x86_64" ]] && t="x86-64" + filter-flags '-march=*' + # ugly, ugly, ugly. ugly. + CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}") + export CFLAGS_x86="${CFLAGS_x86} -march=${t}" + einfo "Auto adding -march=${t} to CFLAGS_x86 #185404" + fi + ;; + mips) + # The mips abi cannot support the GNU style hashes. #233233 + filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both + ;; + ppc) + append-flags "-freorder-blocks" + ;; + sparc) + # Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though. + filter-flags "-fcall-used-g7" + append-flags "-fcall-used-g6" + + # If the CHOST is the basic one (e.g. not sparcv9-xxx already), + # try to pick a better one so glibc can use cpu-specific .S files. + # We key off the CFLAGS to get a good value. Also need to handle + # version skew. + # We can't force users to set their CHOST to their exact machine + # as many of these are not recognized by config.sub/gcc and such :(. + # Note: If the mcpu values don't scale, we might try probing CPP defines. + # Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ? + + local cpu + case ${CTARGET} in + sparc64-*) + case $(get-flag mcpu) in + niagara[234]) + if version_is_at_least 2.8 ; then + cpu="sparc64v2" + elif version_is_at_least 2.4 ; then + cpu="sparc64v" + elif version_is_at_least 2.2.3 ; then + cpu="sparc64b" + fi + ;; + niagara) + if version_is_at_least 2.4 ; then + cpu="sparc64v" + elif version_is_at_least 2.2.3 ; then + cpu="sparc64b" + fi + ;; + ultrasparc3) + cpu="sparc64b" + ;; + *) + # We need to force at least v9a because the base build doesn't + # work with just v9. + # https://sourceware.org/bugzilla/show_bug.cgi?id=19477 + [[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a" + ;; + esac + ;; + sparc-*) + case $(get-flag mcpu) in + niagara[234]) + if version_is_at_least 2.8 ; then + cpu="sparcv9v2" + elif version_is_at_least 2.4 ; then + cpu="sparcv9v" + elif version_is_at_least 2.2.3 ; then + cpu="sparcv9b" + else + cpu="sparcv9" + fi + ;; + niagara) + if version_is_at_least 2.4 ; then + cpu="sparcv9v" + elif version_is_at_least 2.2.3 ; then + cpu="sparcv9b" + else + cpu="sparcv9" + fi + ;; + ultrasparc3) + cpu="sparcv9b" + ;; + v9|ultrasparc) + cpu="sparcv9" + ;; + v8|supersparc|hypersparc|leon|leon3) + cpu="sparcv8" + ;; + esac + ;; + esac + [[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}" + ;; + esac +} + +setup_flags() { + # Make sure host make.conf doesn't pollute us + if is_crosscompile || tc-is-cross-compiler ; then + CHOST=${CTARGET} strip-unsupported-flags + fi + + # Store our CFLAGS because it's changed depending on which CTARGET + # we are building when pulling glibc on a multilib profile + CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}} + CFLAGS=${CFLAGS_BASE} + CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}} + CXXFLAGS=${CXXFLAGS_BASE} + ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}} + ASFLAGS=${ASFLAGS_BASE} + + # Over-zealous CFLAGS can often cause problems. What may work for one + # person may not work for another. To avoid a large influx of bugs + # relating to failed builds, we strip most CFLAGS out to ensure as few + # problems as possible. + strip-flags + strip-unsupported-flags + filter-flags -m32 -m64 -mabi=* + + # Bug 492892. + filter-flags -frecord-gcc-switches + + unset CBUILD_OPT CTARGET_OPT + if use multilib ; then + CTARGET_OPT=$(get_abi_CTARGET) + [[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST) + fi + + setup_target_flags + + if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then + CBUILD_OPT=${CTARGET_OPT} + fi + + # Lock glibc at -O2 -- linuxthreads needs it and we want to be + # conservative here. -fno-strict-aliasing is to work around #155906 + filter-flags -O? + append-flags -O2 -fno-strict-aliasing + + # Can't build glibc itself with fortify code. Newer versions add + # this flag for us, so no need to do it manually. + version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE + + # building glibc with SSP is fraught with difficulty, especially + # due to __stack_chk_fail_local which would mean significant changes + # to the glibc build process. See bug #94325 #293721 + # Note we have to handle both user-given CFLAGS and gcc defaults via + # spec rules here. We can't simply add -fno-stack-protector as it gets + # added before user flags, and we can't just filter-flags because + # _filter_hardened doesn't support globs. + filter-flags -fstack-protector* + gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) + + if use hardened && gcc-specs-pie ; then + # Force PIC macro definition for all compilations since they're all + # either -fPIC or -fPIE with the default-PIE compiler. + append-cppflags -DPIC + else + # Don't build -fPIE without the default-PIE compiler and the + # hardened-pie patch + filter-flags -fPIE + fi +} + +want_nptl() { + [[ -z ${LT_VER} ]] && return 0 + want_tls || return 1 + use nptl || return 1 + + # Older versions of glibc had incomplete arch support for nptl. + # But if you're building those now, you can handle USE=nptl yourself. + return 0 +} + +want_linuxthreads() { + [[ -z ${LT_VER} ]] && return 1 + use linuxthreads +} + +want_tls() { + # Archs that can use TLS (Thread Local Storage) + case $(tc-arch) in + x86) + # requires i486 or better #106556 + [[ ${CTARGET} == i[4567]86* ]] && return 0 + return 1 + ;; + esac + + return 0 +} + +want__thread() { + want_tls || return 1 + + # For some reason --with-tls --with__thread is causing segfaults on sparc32. + [[ ${PROFILE_ARCH} == "sparc" ]] && return 1 + + [[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD} + + # only test gcc -- cant test linking yet + tc-has-tls -c ${CTARGET} + WANT__THREAD=$? + + return ${WANT__THREAD} +} + +use_multiarch() { + # Make sure binutils is new enough to support indirect functions #336792 + # This funky sed supports gold and bfd linkers. + local bver nver + bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}') + case $(tc-arch ${CTARGET}) in + amd64|x86) nver="2.20" ;; + arm) nver="2.22" ;; + hppa) nver="2.23" ;; + ppc|ppc64) nver="2.20" ;; + # ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24. + s390) nver="2.24" ;; + sparc) nver="2.21" ;; + *) return 1 ;; + esac + version_is_at_least ${nver} ${bver} +} + +# Setup toolchain variables that had historically +# been defined in the profiles for these archs. +setup_env() { + # silly users + unset LD_RUN_PATH + unset LD_ASSUME_KERNEL + + multilib_env ${CTARGET_OPT:-${CTARGET}} + if is_crosscompile || tc-is-cross-compiler ; then + if ! use multilib ; then + MULTILIB_ABIS=${DEFAULT_ABI} + else + MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}} + fi + + # If the user has CFLAGS_<CTARGET> in their make.conf, use that, + # and fall back on CFLAGS. + local VAR=CFLAGS_${CTARGET//[-.]/_} + CFLAGS=${!VAR-${CFLAGS}} + fi + + setup_flags + + export ABI=${ABI:-${DEFAULT_ABI:-default}} + + local VAR=CFLAGS_${ABI} + # We need to export CFLAGS with abi information in them because glibc's + # configure script checks CFLAGS for some targets (like mips). Keep + # around the original clean value to avoid appending multiple ABIs on + # top of each other. + : ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})} + export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}" +} + +foreach_abi() { + setup_env + + local ret=0 + local abilist="" + if use multilib ; then + abilist=$(get_install_abis) + else + abilist=${DEFAULT_ABI} + fi + evar_push ABI + export ABI + for ABI in ${abilist:-default} ; do + setup_env + einfo "Running $1 for ABI ${ABI}" + $1 + : $(( ret |= $? )) + done + evar_pop + return ${ret} +} + +just_headers() { + is_crosscompile && use crosscompile_opts_headers-only +} + +glibc_banner() { + local b="Gentoo ${PVR}" + [[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}" + [[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}" + [[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}" + echo "${b}" +} diff --git a/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sys-libs/glibc/files/eblits/pkg_postinst.eblit new file mode 100644 index 0000000..8178fa1 --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_postinst.eblit @@ -0,0 +1,27 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +eblit-glibc-pkg_postinst() { + # nothing to do if just installing headers + just_headers && return + + if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then + # Generate fastloading iconv module configuration file. + "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" + fi + + if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then + # Reload init ... if in a chroot or a diff init package, ignore + # errors from this step #253697 + /sbin/telinit U 2>/dev/null + + # if the host locales.gen contains no entries, we'll install everything + local locale_list="${EROOT}etc/locale.gen" + if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then + ewarn "Generating all locales; edit /etc/locale.gen to save time/space" + locale_list="${EROOT}usr/share/i18n/SUPPORTED" + fi + locale-gen -j $(makeopts_jobs) --config "${locale_list}" + fi +} diff --git a/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sys-libs/glibc/files/eblits/pkg_preinst.eblit new file mode 100644 index 0000000..f40f402 --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_preinst.eblit @@ -0,0 +1,63 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Simple test to make sure our new glibc isnt completely broken. +# Make sure we don't test with statically built binaries since +# they will fail. Also, skip if this glibc is a cross compiler. +# +# If coreutils is built with USE=multicall, some of these files +# will just be wrapper scripts, not actual ELFs we can test. +glibc_sanity_check() { + cd / #228809 + + # We enter ${ED} so to avoid trouble if the path contains + # special characters; for instance if the path contains the + # colon character (:), then the linker will try to split it + # and look for the libraries in an unexpected place. This can + # lead to unsafe code execution if the generated prefix is + # within a world-writable directory. + # (e.g. /var/tmp/portage:${HOSTNAME}) + pushd "${ED}"/$(get_libdir) >/dev/null + + local x striptest + for x in cal date env free ls true uname uptime ; do + x=$(type -p ${x}) + [[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue + striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue + case ${striptest} in + *"statically linked"*) continue;; + *"ASCII text"*) continue;; + esac + # We need to clear the locale settings as the upgrade might want + # incompatible locale data. This test is not for verifying that. + LC_ALL=C \ + ./ld-*.so --library-path . ${x} > /dev/null \ + || die "simple run test (${x}) failed" + done + + popd >/dev/null +} + +eblit-glibc-pkg_preinst() { + # nothing to do if just installing headers + just_headers && return + + # prepare /etc/ld.so.conf.d/ for files + mkdir -p "${EROOT}"/etc/ld.so.conf.d + + # Default /etc/hosts.conf:multi to on for systems with small dbs. + if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then + sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf + elog "Defaulting /etc/host.conf:multi to on" + fi + + [[ ${ROOT} != "/" ]] && return 0 + [[ -d ${ED}/$(get_libdir) ]] || return 0 + [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check + + # For newer EAPIs, this was run in pkg_pretend. + if [[ ${EAPI:-0} == [0123] ]] ; then + check_devpts + fi +} diff --git a/sys-libs/glibc/files/eblits/pkg_pretend.eblit b/sys-libs/glibc/files/eblits/pkg_pretend.eblit new file mode 100644 index 0000000..c900ccc --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_pretend.eblit @@ -0,0 +1,157 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +glibc_compile_test() { + local ret save_cflags=${CFLAGS} + CFLAGS+=" $1" + shift + + pushd "${T}" >/dev/null + + rm -f glibc-test* + printf '%b' "$*" > glibc-test.c + + _nonfatal emake -s glibc-test + ret=$? + + popd >/dev/null + + CFLAGS=${save_cflags} + return ${ret} +} + +glibc_run_test() { + local ret + + if [[ ${EMERGE_FROM} == "binary" ]] ; then + # ignore build failures when installing a binary package #324685 + glibc_compile_test "" "$@" 2>/dev/null || return 0 + else + if ! glibc_compile_test "" "$@" ; then + ewarn "Simple build failed ... assuming this is desired #324685" + return 0 + fi + fi + + pushd "${T}" >/dev/null + + ./glibc-test + ret=$? + rm -f glibc-test* + + popd >/dev/null + + return ${ret} +} + +check_devpts() { + # Make sure devpts is mounted correctly for use w/out setuid pt_chown. + + # If merely building the binary package, then there's nothing to verify. + [[ ${MERGE_TYPE} == "buildonly" ]] && return + + # Only sanity check when installing the native glibc. + [[ ${ROOT} != "/" ]] && return + + # Older versions always installed setuid, so no need to check. + in_iuse suid || return + + # If they're opting in to the old suid code, then no need to check. + use suid && return + + if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then + eerror "In order to use glibc with USE=-suid, you must make sure that" + eerror "you have devpts mounted at /dev/pts with the gid=5 option." + eerror "Openrc should do this for you, so you should check /etc/fstab" + eerror "and make sure you do not have any invalid settings there." + # Do not die on older kernels as devpts did not export these settings #489520. + if version_is_at_least 2.6.25 $(uname -r) ; then + die "mount & fix your /dev/pts settings" + fi + fi +} + +eblit-glibc-pkg_pretend() { + # For older EAPIs, this is run in pkg_preinst. + if [[ ${EAPI:-0} != [0123] ]] ; then + check_devpts + fi + + # prevent native builds from downgrading ... maybe update to allow people + # to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2) + if [[ ${MERGE_TYPE} != "buildonly" ]] && \ + [[ ${ROOT} == "/" ]] && \ + [[ ${CBUILD} == ${CHOST} ]] && \ + [[ ${CHOST} == ${CTARGET} ]] ; then + if has_version '>'${CATEGORY}/${PF} ; then + eerror "Sanity check to keep you from breaking your system:" + eerror " Downgrading glibc is not supported and a sure way to destruction" + die "aborting to save your system" + fi + + if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n' + then + eerror "Your patched vendor kernel is broken. You need to get an" + eerror "update from whoever is providing the kernel to you." + eerror "http://sourceware.org/bugzilla/show_bug.cgi?id=5227" + eerror "http://bugs.gentoo.org/262698" + die "keeping your system alive, say thank you" + fi + + if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n' + then + eerror "Your old kernel is broken. You need to update it to" + eerror "a newer version as syscall(<bignum>) will break." + eerror "http://bugs.gentoo.org/279260" + die "keeping your system alive, say thank you" + fi + fi + + # users have had a chance to phase themselves, time to give em the boot + if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then + eerror "You still haven't deleted ${EROOT}/etc/locales.build." + eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." + die "lazy upgrader detected" + fi + + if [[ ${CTARGET} == i386-* ]] ; then + eerror "i386 CHOSTs are no longer supported." + eerror "Chances are you don't actually want/need i386." + eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml" + die "please fix your CHOST" + fi + + if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then + ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." + ewarn "This will result in a 50% performance penalty when running with a 32bit" + ewarn "hypervisor, which is probably not what you want." + fi + + use hardened && ! gcc-specs-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" + + # Make sure host system is up to date #394453 + if has_version '<sys-libs/glibc-2.13' && \ + [[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]] + then + ebegin "Scanning system for __guard to see if you need to rebuild first ..." + local files=$( + scanelf -qys__guard -F'#s%F' \ + "${EROOT}"/*bin/ \ + "${EROOT}"/lib* \ + "${EROOT}"/usr/*bin/ \ + "${EROOT}"/usr/lib* | \ + egrep -v \ + -e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \ + -e "^${EROOT}/sbin/(ldconfig|sln)$" + ) + [[ -z ${files} ]] + if ! eend $? ; then + eerror "Your system still has old SSP __guard symbols. You need to" + eerror "rebuild all the packages that provide these files first:" + eerror "${files}" + die "old __guard detected" + fi + fi +} diff --git a/sys-libs/glibc/files/eblits/pkg_setup.eblit b/sys-libs/glibc/files/eblits/pkg_setup.eblit new file mode 100644 index 0000000..2aff258 --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_setup.eblit @@ -0,0 +1,9 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +[[ ${EAPI:-0} == [0123] ]] && source "${FILESDIR}/eblits/pkg_pretend.eblit" + +eblit-glibc-pkg_setup() { + [[ ${EAPI:-0} == [0123] ]] && eblit-glibc-pkg_pretend +} diff --git a/sys-libs/glibc/files/eblits/src_compile.eblit b/sys-libs/glibc/files/eblits/src_compile.eblit new file mode 100644 index 0000000..7a38b3e --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_compile.eblit @@ -0,0 +1,24 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_configure.eblit" + +toolchain-glibc_src_compile() { + local t + for t in linuxthreads nptl ; do + if want_${t} ; then + [[ ${EAPI:-0} == [01] ]] && glibc_do_configure ${t} + emake -C "$(builddir ${t})" || die "make ${t} for ${ABI} failed" + fi + done +} + +eblit-glibc-src_compile() { + if just_headers ; then + [[ ${EAPI:-0} == [01] ]] && toolchain-glibc_headers_configure + return + fi + + foreach_abi toolchain-glibc_src_compile +} diff --git a/sys-libs/glibc/files/eblits/src_configure.eblit b/sys-libs/glibc/files/eblits/src_configure.eblit new file mode 100644 index 0000000..5f2fec0 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_configure.eblit @@ -0,0 +1,263 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +dump_toolchain_settings() { + echo + + einfo "$*" + + local v + for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC LD {AS,C,CPP,CXX,LD}FLAGS ; do + einfo " $(printf '%15s' ${v}:) ${!v}" + done + + # The glibc configure script doesn't properly use LDFLAGS all the time. + export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}" + einfo " $(printf '%15s' 'Manual CC:') ${CC}" + echo +} + +glibc_do_configure() { + # Glibc does not work with gold (for various reasons) #269274. + tc-ld-disable-gold + + dump_toolchain_settings "Configuring glibc for $1" + + local myconf=() + + # set addons + pushd "${S}" > /dev/null + local addons=$(echo */configure | sed \ + -e 's:/configure::g' \ + -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ + -e 's: \+$::' \ + -e 's! !,!g' \ + -e 's!^!,!' \ + -e '/^,\*$/d') + [[ -d ports ]] && addons+=",ports" + popd > /dev/null + + myconf+=( $(use_enable hardened stackguard-randomization) ) + if has_version '<sys-libs/glibc-2.13' ; then + myconf+=( --enable-old-ssp-compat ) + fi + + [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) + + if [[ $1 == "linuxthreads" ]] ; then + if want_tls ; then + myconf+=( --with-tls ) + + if ! want__thread || use glibc-compat20 || [[ ${LT_KER_VER} == 2.[02].* ]] ; then + myconf+=( --without-__thread ) + else + myconf+=( --with-__thread ) + fi + else + myconf+=( --without-tls --without-__thread ) + fi + + myconf+=( --disable-sanity-checks ) + addons="linuxthreads${addons}" + myconf+=( --enable-kernel=${LT_KER_VER} ) + elif [[ $1 == "nptl" ]] ; then + # Newer versions require nptl, so there is no addon for it. + version_is_at_least 2.20 || addons="nptl${addons}" + myconf+=( --enable-kernel=${NPTL_KERN_VER} ) + else + die "invalid pthread option" + fi + myconf+=( --enable-add-ons="${addons#,}" ) + + # Since SELinux support is only required for nscd, only enable it if: + # 1. USE selinux + # 2. only for the primary ABI on multilib systems + # 3. Not a crosscompile + if ! is_crosscompile && use selinux ; then + if use multilib ; then + if is_final_abi ; then + myconf+=( --with-selinux ) + else + myconf+=( --without-selinux ) + fi + else + myconf+=( --with-selinux ) + fi + else + myconf+=( --without-selinux ) + fi + + # Force a few tests where we always know the answer but + # configure is incapable of finding it. + if is_crosscompile ; then + export \ + libc_cv_c_cleanup=yes \ + libc_cv_forced_unwind=yes + fi + + myconf+=( + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + $(use_enable profile) + $(use_with gd) + --with-headers=$(alt_build_headers) + --libexecdir="${EPREFIX}/usr/$(get_libdir)/misc/glibc" + --with-bugurl=http://bugs.gentoo.org/ + --with-pkgversion="$(glibc_banner)" + $(use_multiarch || echo --disable-multi-arch) + $(in_iuse rpc && use_enable rpc obsolete-rpc || echo --enable-obsolete-rpc) + $(in_iuse systemtap && use_enable systemtap) + $(in_iuse nscd && use_enable nscd) + ${EXTRA_ECONF} + ) + + # We rely on sys-libs/timezone-data for timezone tools normally. + if version_is_at_least 2.23 ; then + myconf+=( $(use_enable vanilla timezone-tools) ) + fi + + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no) + ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no) + + # There is no configure option for this and we need to export it + # since the glibc build will re-run configure on itself + export libc_cv_slibdir="${EPREFIX}/$(get_libdir)" + export libc_cv_rootsbindir="${EPREFIX}/sbin" + + # We take care of patching our binutils to use both hash styles, + # and many people like to force gnu hash style only, so disable + # this overriding check. #347761 + export libc_cv_hashstyle=no + + # Overtime, generating info pages can be painful. So disable this for + # versions older than the latest stable to avoid the issue (this ver + # should be updated from time to time). #464394 #465816 + if ! version_is_at_least 2.17 ; then + export ac_cv_prog_MAKEINFO=: + fi + + local builddir=$(builddir "$1") + mkdir -p "${builddir}" + cd "${builddir}" + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + # ia64 static cross-compilers are a pita in so much that they + # can't produce static ELFs (as the libgcc.a is broken). so + # disable building of the programs for those targets if it + # doesn't work. + # XXX: We could turn this into a compiler test, but ia64 is + # the only one that matters, so this should be fine for now. + if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then + sed -i '1i+link-static = touch $@' config.make + fi + + # If we're trying to migrate between ABI sets, we need + # to lie and use a local copy of gcc. Like if the system + # is built with MULTILIB_ABIS="amd64 x86" but we want to + # add x32 to it, gcc/glibc don't yet support x32. + if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then + echo 'main(){}' > "${T}"/test.c + if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then + sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die + mkdir -p sunrpc + cp $(which rpcgen) sunrpc/cross-rpcgen || die + touch -t 202001010101 sunrpc/cross-rpcgen || die + fi + fi +} + +toolchain-glibc_headers_configure() { + export ABI=default + + local builddir=$(builddir "headers") + mkdir -p "${builddir}" + cd "${builddir}" + + # if we don't have a compiler yet, we cant really test it now ... + # hopefully they don't affect header geneation, so let's hope for + # the best here ... + local v vars=( + ac_cv_header_cpuid_h=yes + libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes + libc_cv_asm_cfi_directives=yes + libc_cv_broken_visibility_attribute=no + libc_cv_c_cleanup=yes + libc_cv_forced_unwind=yes + libc_cv_gcc___thread=yes + libc_cv_mlong_double_128=yes + libc_cv_mlong_double_128ibm=yes + libc_cv_ppc_machine=yes + libc_cv_ppc_rel16=yes + libc_cv_predef_{fortify_source,stack_protector}=no + libc_cv_visibility_attribute=yes + libc_cv_z_combreloc=yes + libc_cv_z_execstack=yes + libc_cv_z_initfirst=yes + libc_cv_z_nodelete=yes + libc_cv_z_nodlopen=yes + libc_cv_z_relro=yes + libc_mips_abi=${ABI} + libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=no + ac_cv_lib_cap_cap_init=no + ) + einfo "Forcing cached settings:" + for v in "${vars[@]}" ; do + einfo " ${v}" + export ${v} + done + + # Blow away some random CC settings that screw things up. #550192 + if [[ -d ${S}/sysdeps/mips ]]; then + pushd "${S}"/sysdeps/mips >/dev/null + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die + popd >/dev/null + fi + + local myconf=() + myconf+=( + --disable-sanity-checks + --enable-hacker-mode + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + --with-headers=$(alt_build_headers) + ${EXTRA_ECONF} + ) + + local addons + [[ -d ${S}/ports ]] && addons+=",ports" + # Newer versions require nptl, so there is no addon for it. + version_is_at_least 2.20 || addons+=",nptl" + myconf+=( --enable-add-ons="${addons#,}" ) + + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC/CFLAGS is sane. + CC="$(tc-getBUILD_CC)" \ + CFLAGS="-O1 -pipe" \ + CPPFLAGS="-U_FORTIFY_SOURCE" \ + LDFLAGS="" \ + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +toolchain-glibc_src_configure() { + if just_headers ; then + toolchain-glibc_headers_configure + else + want_linuxthreads && glibc_do_configure linuxthreads + want_nptl && glibc_do_configure nptl + fi +} + +eblit-glibc-src_configure() { + foreach_abi toolchain-glibc_src_configure +} diff --git a/sys-libs/glibc/files/eblits/src_install.eblit b/sys-libs/glibc/files/eblits/src_install.eblit new file mode 100644 index 0000000..a23173e --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_install.eblit @@ -0,0 +1,244 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +toolchain-glibc_src_install() { + local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl)) + cd "${builddir}" + + emake install_root="${D}$(alt_prefix)" install || die + + if want_linuxthreads && want_nptl ; then + einfo "Installing NPTL to $(alt_libdir)/tls/..." + cd "$(builddir nptl)" + dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl + + local l src_lib + for l in libc libm librt libpthread libthread_db ; do + # take care of shared lib first ... + l=${l}.so + if [[ -e ${l} ]] ; then + src_lib=${l} + else + src_lib=$(eval echo */${l}) + fi + cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}" + fperms a+rx $(alt_libdir)/tls/${l} + dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib}) + + # then grab the linker script or the symlink ... + if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then + dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l} + else + sed \ + -e "s:/${l}:/tls/${l}:g" \ + -e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \ + "${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l} + fi + + # then grab the static lib ... + src_lib=${src_lib/%.so/.a} + [[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a} + cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" + src_lib=${src_lib/%.a/_nonshared.a} + if [[ -e ${src_lib} ]] ; then + cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" + fi + done + + # use the nptl linker instead of the linuxthreads one as the linuxthreads + # one may lack TLS support and that can be really bad for business + cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp" + fi + + # We'll take care of the cache ourselves + rm -f "${ED}"/etc/ld.so.cache + + # Everything past this point just needs to be done once ... + is_final_abi || return 0 + + # Make sure the non-native interp can be found on multilib systems even + # if the main library set isn't installed into the right place. Maybe + # we should query the active gcc for info instead of hardcoding it ? + local i ldso_abi ldso_name + local ldso_abi_list=( + # x86 + amd64 /lib64/ld-linux-x86-64.so.2 + x32 /libx32/ld-linux-x32.so.2 + x86 /lib/ld-linux.so.2 + # mips + o32 /lib/ld.so.1 + n32 /lib32/ld.so.1 + n64 /lib64/ld.so.1 + # powerpc + ppc /lib/ld.so.1 + ppc64 /lib64/ld64.so.1 + # s390 + s390 /lib/ld.so.1 + s390x /lib/ld64.so.1 + # sparc + sparc32 /lib/ld-linux.so.2 + sparc64 /lib64/ld-linux.so.2 + ) + case $(tc-endian) in + little) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64.so.1 + ) + ;; + big) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64_be.so.1 + ) + ;; + esac + if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then + dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib + fi + for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do + ldso_abi=${ldso_abi_list[i]} + has ${ldso_abi} $(get_install_abis) || continue + + ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" + if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then + dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} + fi + done + + # With devpts under Linux mounted properly, we do not need the pt_chown + # binary to be setuid. This is because the default owners/perms will be + # exactly what we want. + if in_iuse suid && ! use suid ; then + find "${ED}" -name pt_chown -exec chmod -s {} + + fi + + ################################################################# + # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # + # Make sure we install some symlink hacks so that when we build + # a 2nd stage cross-compiler, gcc finds the target system + # headers correctly. See gcc/doc/gccinstall.info + if is_crosscompile ; then + # We need to make sure that /lib and /usr/lib always exists. + # gcc likes to use relative paths to get to its multilibs like + # /usr/lib/../lib64/. So while we don't install any files into + # /usr/lib/, we do need it to exist. + cd "${ED}"$(alt_libdir)/.. + [[ -e lib ]] || mkdir lib + cd "${ED}"$(alt_usrlibdir)/.. + [[ -e lib ]] || mkdir lib + + dosym usr/include $(alt_prefix)/sys-include + return 0 + fi + + # Files for Debian-style locale updating + dodir /usr/share/i18n + sed \ + -e "/^#/d" \ + -e "/SUPPORTED-LOCALES=/d" \ + -e "s: \\\\::g" -e "s:/: :g" \ + "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \ + || die "generating /usr/share/i18n/SUPPORTED failed" + cd "${WORKDIR}"/extra/locale + dosbin locale-gen || die + doman *.[0-8] + insinto /etc + doins locale.gen || die + + # Make sure all the ABI's can find the locales and so we only + # have to generate one set + local a + keepdir /usr/$(get_libdir)/locale + for a in $(get_install_abis) ; do + if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then + dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale + fi + done + + cd "${S}" + + # Install misc network config files + insinto /etc + doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf || die + doins "${WORKDIR}"/extra/etc/*.conf || die + + if ! in_iuse nscd || use nscd ; then + doinitd "${WORKDIR}"/extra/etc/nscd || die + + local nscd_args=( + -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):" + ) + version_is_at_least 2.16 || nscd_args+=( -e 's: --foreground : :' ) + sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd + + # Newer versions of glibc include the nscd.service themselves. + # TODO: Drop the $FILESDIR copy once 2.19 goes stable. + if version_is_at_least 2.19 ; then + systemd_dounit nscd/nscd.service || die + systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die + else + systemd_dounit "${FILESDIR}"/nscd.service || die + systemd_newtmpfilesd "${FILESDIR}"/nscd.tmpfilesd nscd.conf || die + fi + else + # Do this since extra/etc/*.conf above might have nscd.conf. + rm -f "${ED}"/etc/nscd.conf + fi + + echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc + doenvd "${T}"/00glibc || die + + for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do + [[ -s ${d} ]] && dodoc ${d} + done + + # Prevent overwriting of the /etc/localtime symlink. We'll handle the + # creation of the "factory" symlink in pkg_postinst(). + rm -f "${ED}"/etc/localtime +} + +toolchain-glibc_headers_install() { + local builddir=$(builddir "headers") + cd "${builddir}" + emake install_root="${D}$(alt_prefix)" install-headers || die + if ! version_is_at_least 2.16 ; then + insinto $(alt_headers)/bits + doins bits/stdio_lim.h || die + fi + insinto $(alt_headers)/gnu + doins "${S}"/include/gnu/stubs.h || die "doins include gnu" + # Make sure we install the sys-include symlink so that when + # we build a 2nd stage cross-compiler, gcc finds the target + # system headers correctly. See gcc/doc/gccinstall.info + dosym usr/include $(alt_prefix)/sys-include +} + +src_strip() { + # gdb is lame and requires some debugging information to remain in + # libpthread, so we need to strip it by hand. libthread_db makes no + # sense stripped as it is only used when debugging. + local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}") + env \ + -uRESTRICT \ + CHOST=${CTARGET} \ + STRIP_MASK="/*/{,tls/}${pthread}*" \ + prepallstrip + # if user has stripping enabled and does not have split debug turned on, + # then leave the debugging sections in libpthread. + if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then + ${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so + fi +} + +eblit-glibc-src_install() { + if just_headers ; then + export ABI=default + toolchain-glibc_headers_install + return + fi + + foreach_abi toolchain-glibc_src_install + src_strip +} diff --git a/sys-libs/glibc/files/eblits/src_prepare.eblit b/sys-libs/glibc/files/eblits/src_prepare.eblit new file mode 100644 index 0000000..162cf53 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_prepare.eblit @@ -0,0 +1,63 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +eblit-glibc-src_prepare() { + # XXX: We should do the branchupdate, before extracting the manpages and + # infopages else it does not help much (mtimes change if there is a change + # to them with branchupdate) + if [[ -n ${BRANCH_UPDATE} ]] ; then + epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + + # Snapshot date patch + einfo "Patching version to display snapshot date ..." + sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h + fi + + # tag, glibc is it + if ! version_is_at_least 2.17 ; then + [[ -e csu/Banner ]] && die "need new banner location" + glibc_banner > csu/Banner + fi + if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then + EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \ + EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \ + EPATCH_SUFFIX="patch" \ + ARCH=$(tc-arch) \ + epatch "${WORKDIR}"/patches + fi + + if just_headers ; then + if [[ -e ports/sysdeps/mips/preconfigure ]] ; then + # mips peeps like to screw with us. if building headers, + # we don't have a real compiler, so we can't let them + # insert -mabi on us. + sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die + find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + + fi + fi + + epatch_user + + gnuconfig_update + + # Glibc is stupid sometimes, and doesn't realize that with a + # static C-Only gcc, -lgcc_eh doesn't exist. + # http://sourceware.org/ml/libc-alpha/2003-09/msg00100.html + # http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html + # But! Finally fixed in recent versions: + # http://sourceware.org/ml/libc-alpha/2012-05/msg01865.html + if ! version_is_at_least 2.16 ; then + echo 'int main(){}' > "${T}"/gcc_eh_test.c + if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then + sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh" + fi + fi + + cd "${WORKDIR}" + find . -type f '(' -size 0 -o -name "*.orig" ')' -delete + find . -name configure -exec touch {} + + + # Fix permissions on some of the scripts. + chmod u+x "${S}"/scripts/*.sh +} diff --git a/sys-libs/glibc/files/eblits/src_test.eblit b/sys-libs/glibc/files/eblits/src_test.eblit new file mode 100644 index 0000000..fc5b950 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_test.eblit @@ -0,0 +1,30 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +glibc_src_test() { + cd "$(builddir $1)" + nonfatal emake -j1 check && return 0 + einfo "make check failed - re-running with --keep-going to get the rest of the results" + nonfatal emake -j1 -k check + ewarn "make check failed for ${ABI}-${CTARGET}-$1" + return 1 +} + +toolchain-glibc_src_test() { + local ret=0 t + for t in linuxthreads nptl ; do + if want_${t} ; then + glibc_src_test ${t} + : $(( ret |= $? )) + fi + done + return ${ret} +} + +eblit-glibc-src_test() { + # Give tests more time to complete. + export TIMEOUTFACTOR=5 + + foreach_abi toolchain-glibc_src_test || die "tests failed" +} diff --git a/sys-libs/glibc/files/eblits/src_unpack.eblit b/sys-libs/glibc/files/eblits/src_unpack.eblit new file mode 100644 index 0000000..8d4c740 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_unpack.eblit @@ -0,0 +1,121 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit" + +int_to_KV() { + local version=$1 major minor micro + major=$((version / 65536)) + minor=$(((version % 65536) / 256)) + micro=$((version % 256)) + echo ${major}.${minor}.${micro} +} + +eend_KV() { + [[ $(KV_to_int $1) -ge $(KV_to_int $2) ]] + eend $? +} + +get_kheader_version() { + printf '#include <linux/version.h>\nLINUX_VERSION_CODE\n' | \ + $(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \ + tail -n 1 +} + +check_nptl_support() { + # don't care about the compiler here as we arent using it + just_headers && return + + local run_kv build_kv want_kv + run_kv=$(int_to_KV $(get_KV)) + build_kv=$(int_to_KV $(get_kheader_version)) + want_kv=${NPTL_KERN_VER} + + ebegin "Checking gcc for __thread support" + if ! eend $(want__thread ; echo $?) ; then + echo + eerror "Could not find a gcc that supports the __thread directive!" + eerror "Please update your binutils/gcc and try again." + die "No __thread support in gcc!" + fi + + if ! is_crosscompile && ! tc-is-cross-compiler ; then + # Building fails on an non-supporting kernel + ebegin "Checking kernel version (${run_kv} >= ${want_kv})" + if ! eend_KV ${run_kv} ${want_kv} ; then + echo + eerror "You need a kernel of at least ${want_kv} for NPTL support!" + die "Kernel version too low!" + fi + fi + + ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})" + if ! eend_KV ${build_kv} ${want_kv} ; then + echo + eerror "You need linux-headers of at least ${want_kv} for NPTL support!" + die "linux-headers version too low!" + fi +} + +unpack_pkg() { + local a=${PN} + [[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}" + [[ -n $1 ]] && a="${a}-$1" + if [[ -n ${SNAP_VER} ]] ; then + a="${a}-${SNAP_VER}" + else + if [[ -n $2 ]] ; then + a="${a}-$2" + else + a="${a}-${RELEASE_VER}" + fi + fi + if has ${a}.tar.xz ${A} ; then + unpacker ${a}.tar.xz + else + unpack ${a}.tar.bz2 + fi + [[ -n $1 ]] && { mv ${a} $1 || die ; } +} + +toolchain-glibc_src_unpack() { + # Check NPTL support _before_ we unpack things to save some time + want_nptl && check_nptl_support + + if [[ -n ${EGIT_REPO_URIS} ]] ; then + local i d + for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do + EGIT_REPO_URI=${EGIT_REPO_URIS[$i]} + EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]} + git-2_src_unpack + done + else + unpack_pkg + fi + + cd "${S}" + touch locale/C-translit.h #185476 #218003 + [[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER} + [[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER} + [[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn + + if [[ -n ${PATCH_VER} ]] ; then + cd "${WORKDIR}" + unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 + # pull out all the addons + local d + for d in extra/*/configure ; do + d=${d%/configure} + [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" + mv "${d}" "${S}" || die "moving ${d} failed" + done + fi +} + +eblit-glibc-src_unpack() { + setup_env + + toolchain-glibc_src_unpack + [[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare +} diff --git a/sys-libs/glibc/files/nscd b/sys-libs/glibc/files/nscd new file mode 100644 index 0000000..b102de0 --- /dev/null +++ b/sys-libs/glibc/files/nscd @@ -0,0 +1,64 @@ +#!/sbin/runscript +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nscd,v 1.7 2007/02/23 12:09:39 uberlord Exp $ + +depend() { + use dns ldap net slapd +} + +checkconfig() { + if [ ! -d /var/run/nscd ] ; then + mkdir -p /var/run/nscd + chmod 755 /var/run/nscd + fi + if [ -z "${NSCD_PERMS_OK}" ] && [ "$(stat -c %a /var/run/nscd)" != "755" ] ; then + echo "" + ewarn "nscd run dir is not world readable, you should reset the perms:" + ewarn "chmod 755 /var/run/nscd" + ewarn "chmod a+rw /var/run/nscd/socket" + echo "" + ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd" + echo "" + fi +} + +start() { + checkconfig + + ebegin "Starting Name Service Cache Daemon" + local secure=`while read curline ; do + table=${curline%:*} + entries=${curline##$table:} + table=${table%%[^a-z]*} + case $table in + passwd*|group*|hosts) + for entry in $entries ; do + case $entry in + nisplus*) + /usr/sbin/nscd_nischeck $table || \ + /echo "-S $table,yes" + ;; + esac + done + ;; + esac + done < /etc/nsswitch.conf` + local pidfile="$(strings /usr/sbin/nscd | grep nscd.pid)" + mkdir -p "$(dirname ${pidfile})" + save_options pidfile "${pidfile}" + start-stop-daemon --start --quiet \ + --exec /usr/sbin/nscd --pidfile "${pidfile}" \ + -- $secure + eend $? +} + +stop() { + local pidfile="$(get_options pidfile)" + [ -n "${pidfile}" ] && pidfile="--pidfile ${pidfile}" + ebegin "Shutting down Name Service Cache Daemon" + start-stop-daemon --stop --quiet --exec /usr/sbin/nscd ${pidfile} + eend $? +} + +# vim:ts=4 diff --git a/sys-libs/glibc/files/nscd.service b/sys-libs/glibc/files/nscd.service new file mode 100644 index 0000000..25a3b1d --- /dev/null +++ b/sys-libs/glibc/files/nscd.service @@ -0,0 +1,15 @@ +[Unit] +Description=Name Service Cache Daemon +After=network.target + +[Service] +ExecStart=/usr/sbin/nscd -F +ExecStop=/usr/sbin/nscd --shutdown +ExecReload=/usr/sbin/nscd -i passwd +ExecReload=/usr/sbin/nscd -i group +ExecReload=/usr/sbin/nscd -i hosts +ExecReload=/usr/sbin/nscd -i services +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/sys-libs/glibc/files/nscd.tmpfilesd b/sys-libs/glibc/files/nscd.tmpfilesd new file mode 100644 index 0000000..52edbba --- /dev/null +++ b/sys-libs/glibc/files/nscd.tmpfilesd @@ -0,0 +1,4 @@ +# Configuration to create /run/nscd directory +# Used as part of systemd's tmpfiles + +d /run/nscd 0755 root root diff --git a/sys-libs/glibc/files/nsswitch.conf b/sys-libs/glibc/files/nsswitch.conf new file mode 100644 index 0000000..eb16961 --- /dev/null +++ b/sys-libs/glibc/files/nsswitch.conf @@ -0,0 +1,24 @@ +# /etc/nsswitch.conf: +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nsswitch.conf,v 1.1 2005/05/17 00:52:41 vapier Exp $ + +passwd: compat +shadow: compat +group: compat + +# passwd: db files nis +# shadow: db files nis +# group: db files nis + +hosts: files dns +networks: files dns + +services: db files +protocols: db files +rpc: db files +ethers: db files +netmasks: files +netgroup: files +bootparams: files + +automount: files +aliases: files diff --git a/sys-libs/glibc/glibc-2.15-r1.ebuild b/sys-libs/glibc/glibc-2.15-r1.ebuild new file mode 100644 index 0000000..757f34d --- /dev/null +++ b/sys-libs/glibc/glibc-2.15-r1.ebuild @@ -0,0 +1,233 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.15-r1.ebuild,v 1.17 2013/04/05 00:25:16 vapier Exp $ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND inner-net" +KEYWORDS="~amd64 -hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +BRANCH_UPDATE="" +SNAP_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" ) + EGIT_SOURCEDIRS=( "${S}" "${S}/ports" ) + inherit git-2 + ;; +*_p*) + RELEASE_VER=${PV%_p*} + SNAP_VER=${PV#*_p} + ;; +*) + RELEASE_VER=${PV} + ;; +esac +LIBIDN_VER="" # it's integrated into the main tarball now +PATCH_VER="13" # Gentoo patchset +PORTS_VER=${RELEASE_VER} # version of glibc ports addon +LT_VER="" # version of linuxthreads addon +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires +#LT_KERN_VER=${LT_KERN_VER:-"2.4.1"} # min kernel version linuxthreads requires + +IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only ${LT_VER:+glibc-compat20 nptl linuxthreads}" +[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils for as-needed +# arch: we need to make sure our binutils/gcc supports TLS +DEPEND=">=sys-devel/gcc-3.4.4 + arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) + x86? ( >=sys-devel/gcc-4.3 ) + amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 ) + ppc? ( >=sys-devel/gcc-4.1.0 ) + ppc64? ( >=sys-devel/gcc-4.1.0 ) + >=sys-devel/binutils-2.15.94 + ${LT_VER:+nptl? (} >=sys-kernel/linux-headers-${NPTL_KERN_VER} ${LT_VER:+)} + >=app-misc/pax-utils-0.1.10 + virtual/os-headers + !<sys-apps/sandbox-1.2.18.1-r2 + !<sys-apps/portage-2.1.2 + !<sys-devel/patch-2.6 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers" +else + DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )" + RDEPEND="${RDEPEND} + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + TARNAME=${PN} + if [[ -n ${SNAP_VER} ]] ; then + TARNAME="${PN}-${RELEASE_VER}" + [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} + upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 + elif [[ -z ${EGIT_REPO_URIS} ]] ; then + upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz + fi + [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 + [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz + [[ -n ${LT_VER} ]] && upstream_uris ${TARNAME}-linuxthreads-${LT_VER}.tar.bz2 + [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + GLIBC_PATCH_EXCLUDE+=" 1200_all_glibc-${PV}-x32.patch" +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.15-r2.ebuild b/sys-libs/glibc/glibc-2.15-r2.ebuild new file mode 100644 index 0000000..2d106b9 --- /dev/null +++ b/sys-libs/glibc/glibc-2.15-r2.ebuild @@ -0,0 +1,225 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.15-r2.ebuild,v 1.30 2013/04/05 00:25:16 vapier Exp $ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND inner-net" +KEYWORDS="alpha amd64 arm -hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +BRANCH_UPDATE="" +SNAP_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" ) + EGIT_SOURCEDIRS=( "${S}" "${S}/ports" ) + inherit git-2 + ;; +*_p*) + RELEASE_VER=${PV%_p*} + SNAP_VER=${PV#*_p} + ;; +*) + RELEASE_VER=${PV} + ;; +esac +LIBIDN_VER="" # it's integrated into the main tarball now +PATCH_VER="21" # Gentoo patchset +PORTS_VER=${RELEASE_VER} # version of glibc ports addon +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only" +[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils for as-needed +# arch: we need to make sure our binutils/gcc supports TLS +DEPEND=">=sys-devel/gcc-3.4.4 + arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) + x86? ( >=sys-devel/gcc-4.3 ) + amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 ) + ppc? ( >=sys-devel/gcc-4.1.0 ) + ppc64? ( >=sys-devel/gcc-4.1.0 ) + >=sys-devel/binutils-2.15.94 + >=app-misc/pax-utils-0.1.10 + virtual/os-headers + !<sys-apps/sandbox-1.2.18.1-r2 + !<sys-apps/portage-2.1.2 + !<sys-devel/patch-2.6 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers" +else + DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )" + RDEPEND="${RDEPEND} + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + TARNAME=${PN} + if [[ -n ${SNAP_VER} ]] ; then + TARNAME="${PN}-${RELEASE_VER}" + [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} + upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 + elif [[ -z ${EGIT_REPO_URIS} ]] ; then + upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz + fi + [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 + [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz + [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.15-r3.ebuild b/sys-libs/glibc/glibc-2.15-r3.ebuild new file mode 100644 index 0000000..fb2b257 --- /dev/null +++ b/sys-libs/glibc/glibc-2.15-r3.ebuild @@ -0,0 +1,227 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.15-r3.ebuild,v 1.14 2013/05/09 04:41:16 vapier Exp $ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND inner-net" +KEYWORDS="alpha amd64 arm -hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +BRANCH_UPDATE="" +SNAP_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" ) + EGIT_SOURCEDIRS=( "${S}" "${S}/ports" ) + inherit git-2 + ;; +*_p*) + RELEASE_VER=${PV%_p*} + SNAP_VER=${PV#*_p} + ;; +*) + RELEASE_VER=${PV} + ;; +esac +LIBIDN_VER="" # it's integrated into the main tarball now +PATCH_VER="23" # Gentoo patchset +PORTS_VER=${RELEASE_VER} # version of glibc ports addon +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only" +[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils for as-needed +# arch: we need to make sure our binutils/gcc supports TLS +DEPEND=">=sys-devel/gcc-3.4.4 + arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) + x86? ( >=sys-devel/gcc-4.3 ) + amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 ) + ppc? ( >=sys-devel/gcc-4.1.0 ) + ppc64? ( >=sys-devel/gcc-4.1.0 ) + >=sys-devel/binutils-2.15.94 + >=app-misc/pax-utils-0.1.10 + virtual/os-headers + !<sys-apps/sandbox-1.2.18.1-r2 + !<sys-apps/portage-2.1.2 + !<sys-devel/patch-2.6 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers" +else + DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )" + RDEPEND="${RDEPEND} + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + TARNAME=${PN} + if [[ -n ${SNAP_VER} ]] ; then + TARNAME="${PN}-${RELEASE_VER}" + [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} + upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 + elif [[ -z ${EGIT_REPO_URIS} ]] ; then + upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz + fi + [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 + [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz + [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-post() { + epatch "${FILESDIR}"/2.15/glibc-2.15-localstatedir-backport.patch + + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.17.ebuild b/sys-libs/glibc/glibc-2.17.ebuild new file mode 100644 index 0000000..40b2f6c --- /dev/null +++ b/sys-libs/glibc/glibc-2.17.ebuild @@ -0,0 +1,228 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.17.ebuild,v 1.16 2013/06/27 12:19:41 jer Exp $ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +PATCH_VER="7" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + GLIBC_PATCH_EXCLUDE+=" 6600_mips_librt-mips.patch" #456912 +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi + + # RHEL(likely CentOS and SL) 5.6 have kernels with vdso bug, + # https://bugzilla.redhat.com/show_bug.cgi?id=673616 + # we disable vdso loading in ELF handler, as suggest by Mike Frysinger + # http://article.gmane.org/gmane.comp.lib.glibc.user/1904 + # Benda Xu <heroxbd@gentoo.org> (3 Jul, 2013) + elog "Your kernel is known to have vdso bug, disabling this feature" + epatch "${FILESDIR}"/2.17/vdso-disable.patch + + epatch "${FILESDIR}"/2.17/locale-gen_prefix.patch + eprefixify "${WORKDIR}"/extra/locale/locale-gen + + cd "${S}" + epatch "${FILESDIR}"/2.17/glibc-2.17-runtime-prefix.patch + eprefixify glibc-compat/nss_{compat/compat-{grp,{,s}pwd},files/files-netgrp}.c \ + nis/nss_compat/compat-{grp,initgroups,{,s}pwd}.c \ + nss/{db-Makefile,{bug-erange,nss_files/files-init{,groups}}.c} \ + resolv/{netdb,resolv}.h sysdeps/{{generic,unix/sysv/linux}/paths.h,posix/system.c} \ + libio/iopopen.c + epatch "${FILESDIR}"/${PV}/${P}-shadow-prefix.patch +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.19-r1.ebuild b/sys-libs/glibc/glibc-2.19-r1.ebuild new file mode 100644 index 0000000..8758b70 --- /dev/null +++ b/sys-libs/glibc/glibc-2.19-r1.ebuild @@ -0,0 +1,227 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.19-r1.ebuild,v 1.11 2014/10/26 08:05:50 vapier Exp $ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="3" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only rap" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_unpack-post() { + eprefixify extra/locale/locale-gen + + cd "${S}" + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi + + if use rap; then + if type -p lsb_release > lsb-loc; then + local lsb_id=$(lsb_release -i) + local lsb_rel=$(lsb_release -r) + fi + + if [[ ${lsb_id} == *CentOS ]] || [[ ${lsb_id} == *RedHat* ]]; then + if [[ ${lsb_rel} == *5.6 ]]; then + elog "Your kernel is known to have vdso bug, disabling this feature" + elog "https://bugzilla.redhat.com/show_bug.cgi?id=678613" + epatch "${FILESDIR}"/${PV}/${P}-vdso-disable.patch + fi + fi + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/metadata.xml b/sys-libs/glibc/metadata.xml new file mode 100644 index 0000000..f1f3fd9 --- /dev/null +++ b/sys-libs/glibc/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>toolchain</herd> +<use> + <flag name='gd'>build memusage and memusagestat tools</flag> + <flag name='nscd'>Build, and enable support for, the Name Service Cache Daemon</flag> + <flag name='suid'>Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag> + <flag name='systemtap'>enable systemtap static probe points</flag> +</use> +</pkgmetadata> |