From 11237c163ce92365c9832917adc28d237535bf8c Mon Sep 17 00:00:00 2001 From: "Kevin F. Quinn" Date: Thu, 15 Mar 2007 16:09:06 +0000 Subject: [PATCH] Fix 2.5-hardened-pie.spec (bug #170731), and make 2.5-r1 robust against compiler variant. Package-Manager: portage-2.1.2.2 --- sys-libs/glibc/ChangeLog | 6 +++- sys-libs/glibc/Manifest | 32 +++++++++---------- .../files/2.5/glibc-2.5-hardened-pie.patch | 2 +- sys-libs/glibc/glibc-2.5-r1.ebuild | 21 +++++++++--- 4 files changed, 38 insertions(+), 23 deletions(-) diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog index 33d27fe7619b..e289c1dd20c6 100644 --- a/sys-libs/glibc/ChangeLog +++ b/sys-libs/glibc/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for sys-libs/glibc # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.506 2007/03/13 06:09:44 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.507 2007/03/15 16:09:05 kevquinn Exp $ + + 15 Mar 2007; Kevin F. Quinn + files/2.5/glibc-2.5-hardened-pie.patch, glibc-2.5-r1.ebuild: + Fix 2.5-hardened-pie.spec (bug #170731), and make 2.5-r1 robust against compiler variant. *glibc-2.5-r1 (13 Mar 2007) diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest index 8ffffbc8b847..7783848f4b58 100644 --- a/sys-libs/glibc/Manifest +++ b/sys-libs/glibc/Manifest @@ -401,10 +401,10 @@ AUX 2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 RMD160 352112bf4f2d8d58 MD5 310d9d273a19090287c44a38aba92753 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 RMD160 352112bf4f2d8d58471f22f623784350baf0bc86 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 -AUX 2.5/glibc-2.5-hardened-pie.patch 1548 RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da SHA1 0bb184451121d130be9e1888d081c556edcb88d3 SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00 -MD5 8d7eadd996eec8fa9939658404ee386d files/2.5/glibc-2.5-hardened-pie.patch 1548 -RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da files/2.5/glibc-2.5-hardened-pie.patch 1548 -SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00 files/2.5/glibc-2.5-hardened-pie.patch 1548 +AUX 2.5/glibc-2.5-hardened-pie.patch 1569 RMD160 8746aeb9f9c68ca153d93cf92c9df93d0fb324d6 SHA1 c2ec8d9286af38017f5bee5a8823f642c067201d SHA256 ff9cde8857c5da89faa4039e2a81748674fbeaaa49d85c378d80711d55f2b0c1 +MD5 43fbcad7f8dbfcc0dd3efed283ae2d0a files/2.5/glibc-2.5-hardened-pie.patch 1569 +RMD160 8746aeb9f9c68ca153d93cf92c9df93d0fb324d6 files/2.5/glibc-2.5-hardened-pie.patch 1569 +SHA256 ff9cde8857c5da89faa4039e2a81748674fbeaaa49d85c378d80711d55f2b0c1 files/2.5/glibc-2.5-hardened-pie.patch 1569 AUX fix-sysctl_h.patch 376 RMD160 b5dd68158224b09ddc42986be02351c74f81e0a0 SHA1 5601fbea6961368bcc192aef78e96ee2c5310713 SHA256 3a589f63fd1f3f6c5a00c66a10943d3d64630aefb1eb5b37e7f2a856fcea234a MD5 e4393f4721a207750581d6265d5f7f40 files/fix-sysctl_h.patch 376 RMD160 b5dd68158224b09ddc42986be02351c74f81e0a0 files/fix-sysctl_h.patch 376 @@ -509,18 +509,18 @@ EBUILD glibc-2.4-r4.ebuild 39210 RMD160 fd782b08e862bd1889b9d6dc73386f6ff43ce676 MD5 f7e1022963b4ac00d04110ef57c1a0eb glibc-2.4-r4.ebuild 39210 RMD160 fd782b08e862bd1889b9d6dc73386f6ff43ce676 glibc-2.4-r4.ebuild 39210 SHA256 d05fc7bf0c6cd701443f61328afb4e80ce6ff6d7d364de346cfdc297ffedc5df glibc-2.4-r4.ebuild 39210 -EBUILD glibc-2.5-r1.ebuild 38591 RMD160 2ef3cb55f31e99eb43832cd39da79cf3dc01dec4 SHA1 6f39f4e4a94d25bcfdd910ce5bb3cdefc3c45448 SHA256 f21f6b8e10f6347e3df663a194848b2dae1c89ba9d56f48d519dd14b3c14d658 -MD5 6eb8a9bd4864500630d35d35805301e6 glibc-2.5-r1.ebuild 38591 -RMD160 2ef3cb55f31e99eb43832cd39da79cf3dc01dec4 glibc-2.5-r1.ebuild 38591 -SHA256 f21f6b8e10f6347e3df663a194848b2dae1c89ba9d56f48d519dd14b3c14d658 glibc-2.5-r1.ebuild 38591 +EBUILD glibc-2.5-r1.ebuild 38960 RMD160 65435c088e9108c2471fa40ec57533c711954f83 SHA1 eff248b48cb5b6682f5d4685d4f23147208c835a SHA256 e0e7e9c40ae938b153804f377cfaf95555f8a6f0b855b16d52adefae4a1a36de +MD5 b120b9bce8be16692c93907f78ff297e glibc-2.5-r1.ebuild 38960 +RMD160 65435c088e9108c2471fa40ec57533c711954f83 glibc-2.5-r1.ebuild 38960 +SHA256 e0e7e9c40ae938b153804f377cfaf95555f8a6f0b855b16d52adefae4a1a36de glibc-2.5-r1.ebuild 38960 EBUILD glibc-2.5.ebuild 37920 RMD160 f0ed4f2224d0788057479f08f46481b310a41c86 SHA1 07fea0d2d7b9d4fa25ea6f9729edd9cb3b68cf9d SHA256 95fbb9bfc9a1f964b51138413afc14eda068ce409784b78f19137fa157ca2d20 MD5 1acffac4370ad139d4778d9f212a2f2e glibc-2.5.ebuild 37920 RMD160 f0ed4f2224d0788057479f08f46481b310a41c86 glibc-2.5.ebuild 37920 SHA256 95fbb9bfc9a1f964b51138413afc14eda068ce409784b78f19137fa157ca2d20 glibc-2.5.ebuild 37920 -MISC ChangeLog 99469 RMD160 8b6ef004e39f4a8b418f73241f41a7385127ec2f SHA1 1dd6c9b88dd21348292b25ceebe134127cd0e438 SHA256 a79e8110ba480ca84c602215bb76dcd4dc3b642bda8023eaa45948d43a54c0fd -MD5 f45c057756832b7e4ce1c5898433d4d4 ChangeLog 99469 -RMD160 8b6ef004e39f4a8b418f73241f41a7385127ec2f ChangeLog 99469 -SHA256 a79e8110ba480ca84c602215bb76dcd4dc3b642bda8023eaa45948d43a54c0fd ChangeLog 99469 +MISC ChangeLog 99679 RMD160 56a92e46f2c3e3dde3da9847a016acbdd699059b SHA1 ff8716f13026bc08b125cd6633245a7eb7d2eef4 SHA256 0568eb24605468bed81190689b5d3110665dd33daf3f0cdf5d798b26aa7ee885 +MD5 acb0161856a1f441fe7a912fed58a2c6 ChangeLog 99679 +RMD160 56a92e46f2c3e3dde3da9847a016acbdd699059b ChangeLog 99679 +SHA256 0568eb24605468bed81190689b5d3110665dd33daf3f0cdf5d798b26aa7ee885 ChangeLog 99679 MISC metadata.xml 162 RMD160 d002486a43522f2116b1d9d59828c484956d66e2 SHA1 d6b4923897f6ae673b4f93646f5b4ba61d5a2c3c SHA256 65a915d44de1f01d4b7f72d313b4192c38374a9835d24988c00c1e73dca5805a MD5 567094e03359ffc1c95af7356395228d metadata.xml 162 RMD160 d002486a43522f2116b1d9d59828c484956d66e2 metadata.xml 162 @@ -553,9 +553,9 @@ MD5 30fc9163b2a49cb4a083d02feace4918 files/digest-glibc-2.5-r1 1280 RMD160 74d079011c9a8d9155cd5f51591ca3a04cb9df26 files/digest-glibc-2.5-r1 1280 SHA256 b0af33330bd44dd7acd6f4aec9039d61b7fe9de005a8cf6edf63ee399cdeaa72 files/digest-glibc-2.5-r1 1280 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.3 (GNU/Linux) +Version: GnuPG v1.4.6 (GNU/Linux) -iD8DBQFF9l+A8bi6rjpTunYRAkYkAKDQ6dvMCbPREcGuMB9ubMSR5RUNIACfaJxm -Egh4920UzXkhA9WDwjeZr1s= -=94xm +iD8DBQFF+XBtZfNLSOUrp0sRAvl0AKCnsHJMM/kavZW5DOExAjpIJRi8VACfW7IQ +ZEOpAXRuRQVmLddTbelrBD0= +=mcnC -----END PGP SIGNATURE----- diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch index 280d6e1bbaf8..46f3de4f7875 100644 --- a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch +++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch @@ -11,7 +11,7 @@ Patch by Kevin F. Quinn -+link = $(CC) -nostdlib -nostartfiles -o $@ \ ++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \ $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ - $(combreloc-LDFLAGS) $(relro-LDFLAGS) \ + $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ - $(addprefix $(csu-objpfx),$(start-installed-name)) \ + $(addprefix $(csu-objpfx),S$(start-installed-name)) \ $(+preinit) $(+prector) \ diff --git a/sys-libs/glibc/glibc-2.5-r1.ebuild b/sys-libs/glibc/glibc-2.5-r1.ebuild index f065a60e4208..c6db55fceb84 100644 --- a/sys-libs/glibc/glibc-2.5-r1.ebuild +++ b/sys-libs/glibc/glibc-2.5-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.2 2007/03/13 08:23:22 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.3 2007/03/15 16:09:05 kevquinn Exp $ # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries @@ -221,12 +221,12 @@ toolchain-glibc_src_unpack() { if use hardened ; then cd "${S}" einfo "Patching to get working PIE binaries on PIE (hardened) platforms" - epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch + gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-inittls-nosysenter.patch einfo "Installing Hardened Gentoo SSP handler" - cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c \ + cp -f "${FILESDIR}"/2.5/glibc-2.5-gentoo-stack_chk_fail.c \ debug/stack_chk_fail.c || die if use debug ; then @@ -724,8 +724,16 @@ setup_flags() { # to the glibc build process. See bug #94325 filter-flags -fstack-protector - # Don't let the compiler automatically build PIEs unless USE=hardened. - use hardened || filter-flags -fPIE + if use hardened && gcc-specs-pie ; then + # Force PIC macro definition for all compilations since they're all + # either -fPIC or -fPIE with the default-PIE compiler. + append-flags -DPIC + export ASFLAGS="${ASFLAGS} -DPIC" + else + # Don't build -fPIE without the default-PIE compiler and the + # hardened-pie patch + filter-flags -fPIE + fi } check_kheader_version() { @@ -1081,6 +1089,9 @@ pkg_setup() { eerror "You do not have pax-utils installed." die "install pax-utils" fi + + use hardened && ! gcc-specs-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" } src_unpack() { -- 2.26.2