Fix 2.5-hardened-pie.spec (bug #170731), and make 2.5-r1 robust against compiler...

Package-Manager: portage-2.1.2.2

diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index 33d27fe7619b9b04e671da748b62c8d959caf7cb..e289c1dd20c60350aba7a44bd5f72868cfcde860 100644 (file)
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for sys-libs/glibc
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.506 2007/03/13 06:09:44 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.507 2007/03/15 16:09:05 kevquinn Exp $
+
+  15 Mar 2007; Kevin F. Quinn <kevquinn@gentoo.org>
+  files/2.5/glibc-2.5-hardened-pie.patch, glibc-2.5-r1.ebuild:
+  Fix 2.5-hardened-pie.spec (bug #170731), and make 2.5-r1 robust against compiler variant.
 
 *glibc-2.5-r1 (13 Mar 2007)
 

diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
index 8ffffbc8b847825d0a19cbabe751d5d80c9a1a85..7783848f4b58c189a1584babdb7f0f5bbf291351 100644 (file)
--- a/sys-libs/glibc/Manifest
+++ b/sys-libs/glibc/Manifest
@@ -401,10 +401,10 @@ AUX 2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 RMD160 352112bf4f2d8d58
 MD5 310d9d273a19090287c44a38aba92753 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
 RMD160 352112bf4f2d8d58471f22f623784350baf0bc86 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
 SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
-AUX 2.5/glibc-2.5-hardened-pie.patch 1548 RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da SHA1 0bb184451121d130be9e1888d081c556edcb88d3 SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00
-MD5 8d7eadd996eec8fa9939658404ee386d files/2.5/glibc-2.5-hardened-pie.patch 1548
-RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da files/2.5/glibc-2.5-hardened-pie.patch 1548
-SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00 files/2.5/glibc-2.5-hardened-pie.patch 1548
+AUX 2.5/glibc-2.5-hardened-pie.patch 1569 RMD160 8746aeb9f9c68ca153d93cf92c9df93d0fb324d6 SHA1 c2ec8d9286af38017f5bee5a8823f642c067201d SHA256 ff9cde8857c5da89faa4039e2a81748674fbeaaa49d85c378d80711d55f2b0c1
+MD5 43fbcad7f8dbfcc0dd3efed283ae2d0a files/2.5/glibc-2.5-hardened-pie.patch 1569
+RMD160 8746aeb9f9c68ca153d93cf92c9df93d0fb324d6 files/2.5/glibc-2.5-hardened-pie.patch 1569
+SHA256 ff9cde8857c5da89faa4039e2a81748674fbeaaa49d85c378d80711d55f2b0c1 files/2.5/glibc-2.5-hardened-pie.patch 1569
 AUX fix-sysctl_h.patch 376 RMD160 b5dd68158224b09ddc42986be02351c74f81e0a0 SHA1 5601fbea6961368bcc192aef78e96ee2c5310713 SHA256 3a589f63fd1f3f6c5a00c66a10943d3d64630aefb1eb5b37e7f2a856fcea234a
 MD5 e4393f4721a207750581d6265d5f7f40 files/fix-sysctl_h.patch 376
 RMD160 b5dd68158224b09ddc42986be02351c74f81e0a0 files/fix-sysctl_h.patch 376
@@ -509,18 +509,18 @@ EBUILD glibc-2.4-r4.ebuild 39210 RMD160 fd782b08e862bd1889b9d6dc73386f6ff43ce676
 MD5 f7e1022963b4ac00d04110ef57c1a0eb glibc-2.4-r4.ebuild 39210
 RMD160 fd782b08e862bd1889b9d6dc73386f6ff43ce676 glibc-2.4-r4.ebuild 39210
 SHA256 d05fc7bf0c6cd701443f61328afb4e80ce6ff6d7d364de346cfdc297ffedc5df glibc-2.4-r4.ebuild 39210
-EBUILD glibc-2.5-r1.ebuild 38591 RMD160 2ef3cb55f31e99eb43832cd39da79cf3dc01dec4 SHA1 6f39f4e4a94d25bcfdd910ce5bb3cdefc3c45448 SHA256 f21f6b8e10f6347e3df663a194848b2dae1c89ba9d56f48d519dd14b3c14d658
-MD5 6eb8a9bd4864500630d35d35805301e6 glibc-2.5-r1.ebuild 38591
-RMD160 2ef3cb55f31e99eb43832cd39da79cf3dc01dec4 glibc-2.5-r1.ebuild 38591
-SHA256 f21f6b8e10f6347e3df663a194848b2dae1c89ba9d56f48d519dd14b3c14d658 glibc-2.5-r1.ebuild 38591
+EBUILD glibc-2.5-r1.ebuild 38960 RMD160 65435c088e9108c2471fa40ec57533c711954f83 SHA1 eff248b48cb5b6682f5d4685d4f23147208c835a SHA256 e0e7e9c40ae938b153804f377cfaf95555f8a6f0b855b16d52adefae4a1a36de
+MD5 b120b9bce8be16692c93907f78ff297e glibc-2.5-r1.ebuild 38960
+RMD160 65435c088e9108c2471fa40ec57533c711954f83 glibc-2.5-r1.ebuild 38960
+SHA256 e0e7e9c40ae938b153804f377cfaf95555f8a6f0b855b16d52adefae4a1a36de glibc-2.5-r1.ebuild 38960
 EBUILD glibc-2.5.ebuild 37920 RMD160 f0ed4f2224d0788057479f08f46481b310a41c86 SHA1 07fea0d2d7b9d4fa25ea6f9729edd9cb3b68cf9d SHA256 95fbb9bfc9a1f964b51138413afc14eda068ce409784b78f19137fa157ca2d20
 MD5 1acffac4370ad139d4778d9f212a2f2e glibc-2.5.ebuild 37920
 RMD160 f0ed4f2224d0788057479f08f46481b310a41c86 glibc-2.5.ebuild 37920
 SHA256 95fbb9bfc9a1f964b51138413afc14eda068ce409784b78f19137fa157ca2d20 glibc-2.5.ebuild 37920
-MISC ChangeLog 99469 RMD160 8b6ef004e39f4a8b418f73241f41a7385127ec2f SHA1 1dd6c9b88dd21348292b25ceebe134127cd0e438 SHA256 a79e8110ba480ca84c602215bb76dcd4dc3b642bda8023eaa45948d43a54c0fd
-MD5 f45c057756832b7e4ce1c5898433d4d4 ChangeLog 99469
-RMD160 8b6ef004e39f4a8b418f73241f41a7385127ec2f ChangeLog 99469
-SHA256 a79e8110ba480ca84c602215bb76dcd4dc3b642bda8023eaa45948d43a54c0fd ChangeLog 99469
+MISC ChangeLog 99679 RMD160 56a92e46f2c3e3dde3da9847a016acbdd699059b SHA1 ff8716f13026bc08b125cd6633245a7eb7d2eef4 SHA256 0568eb24605468bed81190689b5d3110665dd33daf3f0cdf5d798b26aa7ee885
+MD5 acb0161856a1f441fe7a912fed58a2c6 ChangeLog 99679
+RMD160 56a92e46f2c3e3dde3da9847a016acbdd699059b ChangeLog 99679
+SHA256 0568eb24605468bed81190689b5d3110665dd33daf3f0cdf5d798b26aa7ee885 ChangeLog 99679
 MISC metadata.xml 162 RMD160 d002486a43522f2116b1d9d59828c484956d66e2 SHA1 d6b4923897f6ae673b4f93646f5b4ba61d5a2c3c SHA256 65a915d44de1f01d4b7f72d313b4192c38374a9835d24988c00c1e73dca5805a
 MD5 567094e03359ffc1c95af7356395228d metadata.xml 162
 RMD160 d002486a43522f2116b1d9d59828c484956d66e2 metadata.xml 162
@@ -553,9 +553,9 @@ MD5 30fc9163b2a49cb4a083d02feace4918 files/digest-glibc-2.5-r1 1280
 RMD160 74d079011c9a8d9155cd5f51591ca3a04cb9df26 files/digest-glibc-2.5-r1 1280
 SHA256 b0af33330bd44dd7acd6f4aec9039d61b7fe9de005a8cf6edf63ee399cdeaa72 files/digest-glibc-2.5-r1 1280
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.3 (GNU/Linux)
+Version: GnuPG v1.4.6 (GNU/Linux)
 
-iD8DBQFF9l+A8bi6rjpTunYRAkYkAKDQ6dvMCbPREcGuMB9ubMSR5RUNIACfaJxm
-Egh4920UzXkhA9WDwjeZr1s=
-=94xm
+iD8DBQFF+XBtZfNLSOUrp0sRAvl0AKCnsHJMM/kavZW5DOExAjpIJRi8VACfW7IQ
+ZEOpAXRuRQVmLddTbelrBD0=
+=mcnC
 -----END PGP SIGNATURE-----

diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
index 280d6e1bbaf8b77356a4f655b0f8de3f9338059a..46f3de4f78758d2f8f61003cc92ba7d394f9fa27 100644 (file)
--- a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
+++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
@@ -11,7 +11,7 @@ Patch by Kevin F. Quinn <kevquinn@gentoo.org>
 -+link = $(CC) -nostdlib -nostartfiles -o $@ \
 ++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \
              $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
-             $(combreloc-LDFLAGS) $(relro-LDFLAGS) \
+             $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
 -            $(addprefix $(csu-objpfx),$(start-installed-name)) \
 +            $(addprefix $(csu-objpfx),S$(start-installed-name)) \
              $(+preinit) $(+prector) \

diff --git a/sys-libs/glibc/glibc-2.5-r1.ebuild b/sys-libs/glibc/glibc-2.5-r1.ebuild
index f065a60e420873378aa3e5c0c482870269fcd65d..c6db55fceb841a78181650b6a265a735a3dbb7e7 100644 (file)
--- a/sys-libs/glibc/glibc-2.5-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.5-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.2 2007/03/13 08:23:22 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.3 2007/03/15 16:09:05 kevquinn Exp $
 
 # Here's how the cross-compile logic breaks down ...
 #  CTARGET - machine that will target the binaries
@@ -221,12 +221,12 @@ toolchain-glibc_src_unpack() {
        if use hardened ; then
                cd "${S}"
                einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
-               epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
+               gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
                epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch
                epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
 
                einfo "Installing Hardened Gentoo SSP handler"
-               cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c \
+               cp -f "${FILESDIR}"/2.5/glibc-2.5-gentoo-stack_chk_fail.c \
                        debug/stack_chk_fail.c || die
 
                if use debug ; then
@@ -724,8 +724,16 @@ setup_flags() {
        # to the glibc build process. See bug #94325
        filter-flags -fstack-protector
 
-       # Don't let the compiler automatically build PIEs unless USE=hardened.
-       use hardened || filter-flags -fPIE
+       if use hardened && gcc-specs-pie ; then
+               # Force PIC macro definition for all compilations since they're all
+               # either -fPIC or -fPIE with the default-PIE compiler.
+               append-flags -DPIC
+               export ASFLAGS="${ASFLAGS} -DPIC"
+       else
+               # Don't build -fPIE without the default-PIE compiler and the
+               # hardened-pie patch
+               filter-flags -fPIE
+       fi
 }
 
 check_kheader_version() {
@@ -1081,6 +1089,9 @@ pkg_setup() {
                eerror "You do not have pax-utils installed."
                die "install pax-utils"
        fi
+
+       use hardened && ! gcc-specs-pie && \
+               ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
 }
 
 src_unpack() {