authorMike Frysinger <vapier@gentoo.org>2007-11-11 20:12:38 +0000
committerMike Frysinger <vapier@gentoo.org>2007-11-11 20:12:38 +0000
commit0ff13c9af3b9f3d628fd5261c05b53d3669969ac (patch)
tree7ddaf4ef7ca9b4cb3f7deb4fdb217c32a5387ba9 /sys-libs
parentalpha/ia64/sparc stable wrt #198578 (diff)
Move hardened stuff back to each ebuild (since that is how we are tracking it) and add support for pre/post eblit hooks. Also fixup hardened patch to apply #198335.
Package-Manager: portage-2.1.3.19
Diffstat (limited to 'sys-libs')
-rw-r--r--sys-libs/glibc/ChangeLog9
-rw-r--r--sys-libs/glibc/Manifest42
-rw-r--r--sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch273
-rw-r--r--sys-libs/glibc/files/eblits/src_unpack.eblit30
-rw-r--r--sys-libs/glibc/glibc-2.6.1.ebuild40
-rw-r--r--sys-libs/glibc/glibc-2.7.ebuild40
6 files changed, 383 insertions, 51 deletions
diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index 5e05ab40cc17..897666c0615a 100644
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-libs/glibc
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.563 2007/11/10 14:40:55 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.564 2007/11/11 20:12:37 vapier Exp $
+
+ 11 Nov 2007; Mike Frysinger <vapier@gentoo.org>
+ +files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch,
+ files/eblits/src_unpack.eblit, glibc-2.6.1.ebuild, glibc-2.7.ebuild:
+ Move hardened stuff back to each ebuild (since that is how we are tracking
+ it) and add support for pre/post eblit hooks. Also fixup hardened patch to
+ apply #198335.
10 Nov 2007; Mike Frysinger <vapier@gentoo.org> glibc-2.6.ebuild,
glibc-2.6.1.ebuild, glibc-2.7.ebuild:
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
index 54fb8c7184e5..7be240dd2789 100644
--- a/sys-libs/glibc/Manifest
+++ b/sys-libs/glibc/Manifest
@@ -413,6 +413,10 @@ AUX 2.6/glibc-2.6-hardened-inittls-nosysenter.patch 8674 RMD160 f4e7df0cb25292af
MD5 cebca9f412d4c393f32f9cca68575a5f files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch 8674
RMD160 f4e7df0cb25292afc13e18332569d2ca288fdf92 files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch 8674
SHA256 cf58ded8fbe9fcb3dc094521feec2588c1520ff2c632b20c69d6a210325c4fcf files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch 8674
+AUX 2.7/glibc-2.7-hardened-inittls-nosysenter.patch 8755 RMD160 b674894f3b16f63193bb8040f8a5657dce82e1f9 SHA1 79fb3a4454b85af70dac95dd79134be3fe3a9201 SHA256 b0b1bf0746f7160b89cf281502b95c38dec9cb948d6a50a907b84fd6230a2dc3
+MD5 1033e153c58605fd2ade988fa818f088 files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch 8755
+RMD160 b674894f3b16f63193bb8040f8a5657dce82e1f9 files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch 8755
+SHA256 b0b1bf0746f7160b89cf281502b95c38dec9cb948d6a50a907b84fd6230a2dc3 files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch 8755
AUX eblits/common.eblit 7155 RMD160 f8b7d8a0d4056b89ba77b996bfa16ba58051091d SHA1 faa2ec204833d489238dc2d7af7c02eddb07044e SHA256 c0a3fddd148ccd08fe2b7c32d079bcaf2213f5f492aea319a6d30f92a9a45e6a
MD5 c4e0b0938e2d49dcaec4ab8d2c67ad06 files/eblits/common.eblit 7155
RMD160 f8b7d8a0d4056b89ba77b996bfa16ba58051091d files/eblits/common.eblit 7155
@@ -429,10 +433,10 @@ AUX eblits/src_test.eblit 1101 RMD160 708f1704d5ef1931cd9afee7f9ef8f33a2a7c81d S
MD5 1bf15cf61fbead7ecad818093a67ad4e files/eblits/src_test.eblit 1101
RMD160 708f1704d5ef1931cd9afee7f9ef8f33a2a7c81d files/eblits/src_test.eblit 1101
SHA256 b30fff5b0bb97793895b534424c922f5ef10e16079a25ff52fcaeabfcdcec93f files/eblits/src_test.eblit 1101
-AUX eblits/src_unpack.eblit 5688 RMD160 dbc7991241dfe2d8b28f4597d2a455e02e6791d1 SHA1 c8e1f3eac1da5b26cdde16623d957395e1aa4a8d SHA256 5d43a8d2db1f216ea290dd96657b9ac93ab5143a1c0a7824da8179f8b4e2e7fa
-MD5 bfe38e99310e0fbf34e87da5712a890e files/eblits/src_unpack.eblit 5688
-RMD160 dbc7991241dfe2d8b28f4597d2a455e02e6791d1 files/eblits/src_unpack.eblit 5688
-SHA256 5d43a8d2db1f216ea290dd96657b9ac93ab5143a1c0a7824da8179f8b4e2e7fa files/eblits/src_unpack.eblit 5688
+AUX eblits/src_unpack.eblit 4674 RMD160 4b41371b61d940d0237dd3dd370bb8060cc05433 SHA1 ca37acc1b2022732d2a330554c01d2c759ee8922 SHA256 e31d3cdccdd1b4cd96622bf15693e7406c3c577b8ae0dca7d9a46ab045ff8ede
+MD5 3b1579bfed98b33e8a8cb04c714d5d85 files/eblits/src_unpack.eblit 4674
+RMD160 4b41371b61d940d0237dd3dd370bb8060cc05433 files/eblits/src_unpack.eblit 4674
+SHA256 e31d3cdccdd1b4cd96622bf15693e7406c3c577b8ae0dca7d9a46ab045ff8ede files/eblits/src_unpack.eblit 4674
AUX fix-sysctl_h.patch 376 RMD160 b5dd68158224b09ddc42986be02351c74f81e0a0 SHA1 5601fbea6961368bcc192aef78e96ee2c5310713 SHA256 3a589f63fd1f3f6c5a00c66a10943d3d64630aefb1eb5b37e7f2a856fcea234a
MD5 e4393f4721a207750581d6265d5f7f40 files/fix-sysctl_h.patch 376
RMD160 b5dd68158224b09ddc42986be02351c74f81e0a0 files/fix-sysctl_h.patch 376
@@ -564,22 +568,22 @@ EBUILD glibc-2.5.1.ebuild 38754 RMD160 4f351c8e74913b579d558df61f7e85df1550a26a
MD5 5c33285350e0975cb0228f8567bd3942 glibc-2.5.1.ebuild 38754
RMD160 4f351c8e74913b579d558df61f7e85df1550a26a glibc-2.5.1.ebuild 38754
SHA256 d108a1c5a82bece216b4b469f234b9d5c979431d0ab2f053fbe4c873d9dd2ba2 glibc-2.5.1.ebuild 38754
-EBUILD glibc-2.6.1.ebuild 10885 RMD160 25b947a3ab961101b1a9522987366b01293a173a SHA1 c90cdec7294902f6e8c5529e1702e12e7f7cbbae SHA256 d64c703f4700884cdada8ec0abe4521731da35cba03089ecb5f004b478f8800a
-MD5 f4f9ea82a5772e4bd62277d3d3e01e05 glibc-2.6.1.ebuild 10885
-RMD160 25b947a3ab961101b1a9522987366b01293a173a glibc-2.6.1.ebuild 10885
-SHA256 d64c703f4700884cdada8ec0abe4521731da35cba03089ecb5f004b478f8800a glibc-2.6.1.ebuild 10885
+EBUILD glibc-2.6.1.ebuild 12131 RMD160 40cc439d1c266e3aba06fd91227c4ce5accd2879 SHA1 ace1a3a292418d2aa304df919dfab3d526bd8e7f SHA256 a04708c84e36be503265eb80d1bcbeef7b5fe0c434b3b4f0e4dc3669949d14f5
+MD5 6081a08d7632a91d399c1395777d85c1 glibc-2.6.1.ebuild 12131
+RMD160 40cc439d1c266e3aba06fd91227c4ce5accd2879 glibc-2.6.1.ebuild 12131
+SHA256 a04708c84e36be503265eb80d1bcbeef7b5fe0c434b3b4f0e4dc3669949d14f5 glibc-2.6.1.ebuild 12131
EBUILD glibc-2.6.ebuild 39505 RMD160 87c1e6fd2f982345133c1bb85424cdb80a1b71c8 SHA1 1792f6be2d12f8a4c8f4759fb00e18754459cf52 SHA256 edb61c6412783b34b6071cad06c916bf075389543206698505f9a80bfb7edafe
MD5 915ffb605faef770a14cb1c06ded4b13 glibc-2.6.ebuild 39505
RMD160 87c1e6fd2f982345133c1bb85424cdb80a1b71c8 glibc-2.6.ebuild 39505
SHA256 edb61c6412783b34b6071cad06c916bf075389543206698505f9a80bfb7edafe glibc-2.6.ebuild 39505
-EBUILD glibc-2.7.ebuild 10912 RMD160 6c95499fead43bae9d2525730634452c46bf96d1 SHA1 f61cfd7369662ee0ac9744b2ea6a9808e383f421 SHA256 75b2ed667282ba8d64beaf01eb1f3d52e86e4fefcb63061ccbe85516d64948ae
-MD5 2ab3d56953c476b7e4eaf08e9bfafa6e glibc-2.7.ebuild 10912
-RMD160 6c95499fead43bae9d2525730634452c46bf96d1 glibc-2.7.ebuild 10912
-SHA256 75b2ed667282ba8d64beaf01eb1f3d52e86e4fefcb63061ccbe85516d64948ae glibc-2.7.ebuild 10912
-MISC ChangeLog 107022 RMD160 a4ced97d3372b5e7deb9528c52e80805c17fb565 SHA1 20db88783268b5c0ee14f986c287f29bd0f23386 SHA256 abe04c305f334d9666ce17f45e128498142779e0b0de060be8e8b273647b9f03
-MD5 6acd36039f78237a05580977185a20d8 ChangeLog 107022
-RMD160 a4ced97d3372b5e7deb9528c52e80805c17fb565 ChangeLog 107022
-SHA256 abe04c305f334d9666ce17f45e128498142779e0b0de060be8e8b273647b9f03 ChangeLog 107022
+EBUILD glibc-2.7.ebuild 12158 RMD160 d0a13d3498500f54232d9d0cf3507479305f5c85 SHA1 bc4e04becdc2beac1ac79c3b0fc96286493a4be1 SHA256 a774df9be617797f7c4ac39e68a165b215e53091162741d370523c4ea8e7fd56
+MD5 45ebbcbe1729d9442fea3c2a41dbb61d glibc-2.7.ebuild 12158
+RMD160 d0a13d3498500f54232d9d0cf3507479305f5c85 glibc-2.7.ebuild 12158
+SHA256 a774df9be617797f7c4ac39e68a165b215e53091162741d370523c4ea8e7fd56 glibc-2.7.ebuild 12158
+MISC ChangeLog 107373 RMD160 203129fe14b286c69bc3ed151146d4d69f22fa12 SHA1 f887b8eeb3098189fa6973416e22819ca3e36b74 SHA256 8138894a6cf37126a2de9c0b7d6181565acdfdae31321abb43896a6bccf16f74
+MD5 1c56defb8604aa4c88735de2005f104d ChangeLog 107373
+RMD160 203129fe14b286c69bc3ed151146d4d69f22fa12 ChangeLog 107373
+SHA256 8138894a6cf37126a2de9c0b7d6181565acdfdae31321abb43896a6bccf16f74 ChangeLog 107373
MISC metadata.xml 162 RMD160 d002486a43522f2116b1d9d59828c484956d66e2 SHA1 d6b4923897f6ae673b4f93646f5b4ba61d5a2c3c SHA256 65a915d44de1f01d4b7f72d313b4192c38374a9835d24988c00c1e73dca5805a
MD5 567094e03359ffc1c95af7356395228d metadata.xml 162
RMD160 d002486a43522f2116b1d9d59828c484956d66e2 metadata.xml 162
@@ -626,7 +630,7 @@ SHA256 2f7e23ec5516ec17421ac7f7677a7883604d33c13c6a1afb081752633632a02b files/di
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
-iD8DBQFHNcL+p/wUKkr7RBoRArL9AKChCP3HDPPl1R0R/OSCsVE5HE0nDgCeN4+t
-3EcaINQ4MvUDy4U84TQg/eI=
-=UAG+
+iD8DBQFHN2I8p/wUKkr7RBoRAhrYAJ9tmGunXScz/c2utgPQoQXB3K24PACg4HuJ
+88TJsTDqwUlhm+kgHQ+wsJU=
+=GgrL
-----END PGP SIGNATURE-----
diff --git a/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch
new file mode 100644
index 000000000000..ecf57a911b0f
--- /dev/null
+++ b/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch
@@ -0,0 +1,273 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- csu/libc-start.c
++++ csu/libc-start.c
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void);
+@@ -129,6 +130,11 @@
+ # endif
+ _dl_aux_init (auxvec);
+ # endif
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -138,10 +144,12 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_NOSYSENTER
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. */
+ __pthread_initialize_minimal ();
++# endif
+
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+--- csu/libc-tls.c
++++ csu/libc-tls.c
+@@ -23,6 +23,7 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+@@ -29,6 +30,9 @@
+ #error makefile bug, this file is for static only
+ #endif
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++extern void *__sbrk_nosysenter (intptr_t __delta);
++#endif
+ extern ElfW(Phdr) *_dl_phdr;
+ extern size_t _dl_phnum;
+
+@@ -141,14 +145,26 @@
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
+ #if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
++# else
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
++# endif
+ #elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# else
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# endif
+ tlsblock += TLS_PRE_TCB_SIZE;
+ #else
+ /* In case a model with a different layout for the TCB and DTV
+--- misc/sbrk.c
++++ misc/sbrk.c
+@@ -18,6 +18,7 @@
+
+ #include <unistd.h>
+ #include <errno.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used
++ via dynamic loading in a statically linked program update
++ __curbrk from the kernel's brk value. That way two separate
++ instances of __brk and __sbrk can share the heap, returning
++ interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- sysdeps/unix/sysv/linux/i386/brk.c
++++ sysdeps/unix/sysv/linux/i386/brk.c
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ * if the SYSENTER version requires the TLS (which it does on i386).
++ * Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *__unbounded newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
++ __ptrvalue (addr));
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
+ int
+ __brk (void *addr)
+ {
+--- sysdeps/unix/sysv/linux/i386/sysdep.h
++++ sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +495,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
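Review bot: The failure path of `__brk_nosysenter` (brk.c section) calls `__set_errno (ENOMEM)`, although the comment above the function says it exists to run before the TLS is initialised. If errno is TLS-backed on this target (not visible in the hunk, but the patch description says TLS is unusable at this point), that store hits the same chicken-and-egg problem the patch is working around. Consider dropping the errno write in the nosysenter variant and keeping only `return -1;`, with a comment such as `/* errno is not usable yet: TLS is not set up. */`; the visible caller `__sbrk_nosysenter` only tests `< 0`. Separately, the comments above `__sbrk_nosysenter` and `__brk_nosysenter` both read "whem initialising" and should say "when".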
diff --git a/sys-libs/glibc/files/eblits/src_unpack.eblit b/sys-libs/glibc/files/eblits/src_unpack.eblit
index 67c3bdd1473f..d27345fcb51f 100644
--- a/sys-libs/glibc/files/eblits/src_unpack.eblit
+++ b/sys-libs/glibc/files/eblits/src_unpack.eblit
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/src_unpack.eblit,v 1.3 2007/11/10 04:07:21 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/src_unpack.eblit,v 1.4 2007/11/11 20:12:38 vapier Exp $
check_kheader_version() {
local version=$(
@@ -108,34 +108,6 @@ toolchain-glibc_src_unpack() {
echo "Gentoo patchset ${PATCH_VER}" > csu/Banner
fi
- if use hardened ; then
- cd "${S}"
- einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
- gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
- epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch
- epatch "${FILESDIR}"/2.6/glibc-2.6-hardened-inittls-nosysenter.patch
-
- einfo "Installing Hardened Gentoo SSP handler"
- cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
- debug/stack_chk_fail.c || die
-
- if use debug ; then
- # When using Hardened Gentoo stack handler, have smashes dump core for
- # analysis - debug only, as core could be an information leak
- # (paranoia).
- sed -i \
- -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
- debug/Makefile \
- || die "Failed to modify debug/Makefile for debug stack handler"
- fi
-
- # Build nscd with ssp-all
- sed -i \
- -e 's:-fstack-protector$:-fstack-protector-all:' \
- nscd/Makefile \
- || die "Failed to ensure nscd builds with ssp-all"
- fi
-
gnuconfig_update
}
diff --git a/sys-libs/glibc/glibc-2.6.1.ebuild b/sys-libs/glibc/glibc-2.6.1.ebuild
index 6bcdcad150db..504eb1ee1e99 100644
--- a/sys-libs/glibc/glibc-2.6.1.ebuild
+++ b/sys-libs/glibc/glibc-2.6.1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.6.1.ebuild,v 1.15 2007/11/10 14:40:55 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.6.1.ebuild,v 1.16 2007/11/11 20:12:37 vapier Exp $
inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib
@@ -135,12 +135,20 @@ eblit-include() {
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1 || die
+ eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
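Review bot: `eblit-run-maybe` returns non-zero whenever the hook is not defined, and since `eblit-run-maybe eblit-$1-post` is now the last command in `eblit-run`, every phase without a post hook ends with a failing status; conversely, a hook that runs and fails is not caught, unlike `eblit-${PN}-$1 || die`. For the hardened post-unpack hook this means a failed hardening step is only noticed if each command inside the hook dies on its own. Suggest `[[ $(type -t "$1") == "function" ]] || return 0` followed by `"$@" || die "$1 failed"`, which also stops `type -t "$@"` from printing several lines if extra arguments are ever passed. The same two additions appear in the glibc-2.7.ebuild hunk at `@@ -136,12 +136,20 @@`.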
@@ -148,6 +156,36 @@ src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
+eblit-src_unpack-post() {
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
+ epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.6/glibc-2.6-hardened-inittls-nosysenter.patch
+
+ einfo "Installing Hardened Gentoo SSP handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+}
+
pkg_setup() {
# prevent native builds from downgrading ... maybe update to allow people
# to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2)
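Review bot: The two `sed -i ... || die` calls in `eblit-src_unpack-post` cannot detect a substitution that matched nothing, because sed exits 0 either way, so "Failed to ensure nscd builds with ssp-all" and the debug-handler message only fire on I/O errors. If a later glibc changes `nscd/Makefile` or drops the `CFLAGS-backtrace.c` line, the hardened build proceeds without `-fstack-protector-all` for nscd and nothing reports it. A follow-up check such as `grep -q -- '-fstack-protector-all' nscd/Makefile || die "nscd/Makefile was not switched to ssp-all"` makes the step verifiable; `cd "${S}"` also lacks `|| die`. The identical function is added in the glibc-2.7.ebuild hunk at `@@ -149,6 +157,36 @@`, so with the body now duplicated per ebuild the check is needed in both copies.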
diff --git a/sys-libs/glibc/glibc-2.7.ebuild b/sys-libs/glibc/glibc-2.7.ebuild
index d35be58b0130..29c2fc891f4f 100644
--- a/sys-libs/glibc/glibc-2.7.ebuild
+++ b/sys-libs/glibc/glibc-2.7.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.7.ebuild,v 1.7 2007/11/10 14:40:55 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.7.ebuild,v 1.8 2007/11/11 20:12:37 vapier Exp $
inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib
@@ -136,12 +136,20 @@ eblit-include() {
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1 || die
+ eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
@@ -149,6 +157,36 @@ src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
+eblit-src_unpack-post() {
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
+ epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.7/glibc-2.7-hardened-inittls-nosysenter.patch
+
+ einfo "Installing Hardened Gentoo SSP handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+}
+
pkg_setup() {
# prevent native builds from downgrading ... maybe update to allow people
# to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2)