[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/

[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/

[Matthias Maier]

commit:     9fe8087634d878eeed259019bf6f3eb19ef209b8
Author:     Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache <DOT> Org>
AuthorDate: Wed Jun 14 14:31:44 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri Jun 16 08:23:34 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fe80876

toolchain-glibc.eclass: Build most of >=sys-libs/glibc-2.25 with -fstack-protector-all (bug #609048).

configure accepts --enable-stack-protector=... option which results
in build system passing appropriate -fstack-protector... option
when possible.

Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 eclass/toolchain-glibc.eclass       | 17 ++++++++++++++---
 sys-libs/glibc/glibc-2.25-r1.ebuild |  5 -----
 sys-libs/glibc/glibc-9999.ebuild    |  5 -----
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass
index ef9d91acaed..eba829cd2f6 100644
--- a/eclass/toolchain-glibc.eclass
+++ b/eclass/toolchain-glibc.eclass
@@ -254,7 +254,7 @@ setup_flags() {
 	# this flag for us, so no need to do it manually.
 	version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE
 
-	# building glibc with SSP is fraught with difficulty, especially
+	# building glibc <2.25 with SSP is fraught with difficulty, especially
 	# due to __stack_chk_fail_local which would mean significant changes
 	# to the glibc build process. See bug #94325 #293721
 	# Note we have to handle both user-given CFLAGS and gcc defaults via
@@ -262,7 +262,9 @@ setup_flags() {
 	# added before user flags, and we can't just filter-flags because
 	# _filter_hardened doesn't support globs.
 	filter-flags -fstack-protector*
-	gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector)
+	if ! version_is_at_least 2.25 ; then
+		tc-enables-ssp && append-flags $(test-flags -fno-stack-protector)
+	fi
 
 	if use hardened && gcc-specs-pie ; then
 		# Force PIC macro definition for all compilations since they're all
@@ -783,6 +785,10 @@ glibc_do_configure() {
 		myconf+=( --enable-old-ssp-compat )
 	fi
 
+	if version_is_at_least 2.25 ; then
+		myconf+=( --enable-stack-protector=all )
+	fi
+
 	[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
 
 	if [[ $1 == "linuxthreads" ]] ; then
@@ -941,7 +947,7 @@ toolchain-glibc_headers_configure() {
 		libc_cv_mlong_double_128ibm=yes
 		libc_cv_ppc_machine=yes
 		libc_cv_ppc_rel16=yes
-		libc_cv_predef_{fortify_source,stack_protector}=no
+		libc_cv_predef_fortify_source=no
 		libc_cv_visibility_attribute=yes
 		libc_cv_z_combreloc=yes
 		libc_cv_z_execstack=yes
@@ -955,6 +961,11 @@ toolchain-glibc_headers_configure() {
 		ac_cv_lib_audit_audit_log_user_avc_message=no
 		ac_cv_lib_cap_cap_init=no
 	)
+	if ! version_is_at_least 2.25 ; then
+		vars+=(
+			libc_cv_predef_stack_protector=no
+		)
+	fi
 	einfo "Forcing cached settings:"
 	for v in "${vars[@]}" ; do
 		einfo " ${v}"

diff --git a/sys-libs/glibc/glibc-2.25-r1.ebuild b/sys-libs/glibc/glibc-2.25-r1.ebuild
index f8e505dcec9..5850d7d32c4 100644
--- a/sys-libs/glibc/glibc-2.25-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.25-r1.ebuild
@@ -137,11 +137,6 @@ src_prepare() {
 				-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
 				debug/Makefile || die
 		fi
-
-		# Build various bits with ssp-all
-		sed -i \
-			-e 's:-fstack-protector$:-fstack-protector-all:' \
-			*/Makefile || die
 	fi
 
 	case $(gcc-fullversion) in

diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index 950b62b89ac..4b4945c04f7 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -135,10 +135,5 @@ src_prepare() {
 				-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
 				debug/Makefile || die
 		fi
-
-		# Build various bits with ssp-all
-		sed -i \
-			-e 's:-fstack-protector$:-fstack-protector-all:' \
-			*/Makefile || die
 	fi
 }

[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/

[Sergei Trofimovich]

commit:     604495b43aa4a5b7aed2044b84ca0d88e600d1df
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 10 09:45:39 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 10:12:18 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=604495b4

glibc: disable stack protector on ARCH=ppc

Currently gcc on powerpc32 generates invalid code for
__builtin_return_address(0) calls. Normally programs
don't do that but malloc() hooks in glibc do:

Bug: https://gcc.gnu.org/PR81996
Bug: https://bugs.gentoo.org/629054
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 eclass/toolchain-glibc.eclass       | 14 +++++++++++++-
 sys-libs/glibc/glibc-2.26-r1.ebuild | 14 +++++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass
index 33f27ccf46e..98e394659cf 100644
--- a/eclass/toolchain-glibc.eclass
+++ b/eclass/toolchain-glibc.eclass
@@ -795,7 +795,19 @@ glibc_do_configure() {
 	fi
 
 	if version_is_at_least 2.25 ; then
-		myconf+=( --enable-stack-protector=all )
+		case ${CTARGET} in
+			powerpc-*)
+				# Currently gcc on powerpc32 generates invalid code for
+				# __builtin_return_address(0) calls. Normally programs
+				# don't do that but malloc hooks in glibc do:
+				# https://gcc.gnu.org/PR81996
+				# https://bugs.gentoo.org/629054
+				myconf+=( --enable-stack-protector=no )
+				;;
+			*)
+				myconf+=( --enable-stack-protector=all )
+				;;
+		esac
 	fi
 
 	if version_is_at_least 2.25 ; then

diff --git a/sys-libs/glibc/glibc-2.26-r1.ebuild b/sys-libs/glibc/glibc-2.26-r1.ebuild
index fbe7444f948..b852aba96bc 100644
--- a/sys-libs/glibc/glibc-2.26-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.26-r1.ebuild
@@ -315,7 +315,19 @@ glibc_do_configure() {
 	[[ -d ports ]] && addons+=",ports"
 	popd > /dev/null
 
-	myconf+=( --enable-stack-protector=all )
+	case ${CTARGET} in
+		powerpc-*)
+			# Currently gcc on powerpc32 generates invalid code for
+			# __builtin_return_address(0) calls. Normally programs
+			# don't do that but malloc hooks in glibc do:
+			# https://gcc.gnu.org/PR81996
+			# https://bugs.gentoo.org/629054
+			myconf+=( --enable-stack-protector=no )
+			;;
+		*)
+			myconf+=( --enable-stack-protector=all )
+			;;
+	esac
 	myconf+=( --enable-stackguard-randomization )
 
 	[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )

[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/

[Sergei Trofimovich]

commit:     b14c692fa08dc7bc53a81d32d36ddb1231769040
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  5 22:19:47 2017 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Dec  6 22:15:25 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b14c692f

sys-libs/glibc: disable stack protection by default on mips* targets

Otherwise dlopen() crashes (found on 'top' from 'procps' package).

Original backtrace from qemu-mipsn32 (fails the same way on native host):

```
Program received signal SIGSEGV, Segmentation fault.
0x408cb908 in _dlerror_run (operate=operate <AT> entry=0x408cadf0 <dlopen_doit>, args=args@entry=0x407feb28) at dlerror.c:163
163       result->errcode = _dl_catch_error (&result->objname, &result->errstring,
(gdb) bt
 #0  0x408cb908 in _dlerror_run (operate=operate <AT> entry=0x408cadf0 <dlopen_doit>, args=args@entry=0x407feb28) at dlerror.c:163
 #1  0x408caf4c in __dlopen (file=file <AT> entry=0x10012d58 "libnuma.so", mode=mode@entry=1) at dlopen.c:87
 #2  0x1000306c in before (me=0x407ff382 "/usr/mips64-unknown-linux-gnu/usr/bin/top") at top/top.c:3308
 #3  0x10001a10 in main (dont_care_argc=<optimized out>, argv=0x407ff1a4) at top/top.c:5721
```

Reported-by: Matt Turner
Bug: https://bugs.gentoo.org/640130
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 eclass/toolchain-glibc.eclass       | 5 +++++
 sys-libs/glibc/glibc-2.26-r3.ebuild | 5 +++++
 sys-libs/glibc/glibc-9999.ebuild    | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass
index e9cf01cf8c2..6580be2fb1e 100644
--- a/eclass/toolchain-glibc.eclass
+++ b/eclass/toolchain-glibc.eclass
@@ -796,6 +796,11 @@ glibc_do_configure() {
 
 	if version_is_at_least 2.25 ; then
 		case ${CTARGET} in
+			mips*)
+				# dlopen() detects stack smash on mips n32 ABI.
+				# Cause is unknown: https://bugs.gentoo.org/640130
+				myconf+=( --enable-stack-protector=no )
+				;;
 			powerpc-*)
 				# Currently gcc on powerpc32 generates invalid code for
 				# __builtin_return_address(0) calls. Normally programs

diff --git a/sys-libs/glibc/glibc-2.26-r3.ebuild b/sys-libs/glibc/glibc-2.26-r3.ebuild
index c2f06079940..0edb97902c8 100644
--- a/sys-libs/glibc/glibc-2.26-r3.ebuild
+++ b/sys-libs/glibc/glibc-2.26-r3.ebuild
@@ -316,6 +316,11 @@ glibc_do_configure() {
 	popd > /dev/null
 
 	case ${CTARGET} in
+		mips*)
+			# dlopen() detects stack smash on mips n32 ABI.
+			# Cause is unknown: https://bugs.gentoo.org/640130
+			myconf+=( --enable-stack-protector=no )
+			;;
 		powerpc-*)
 			# Currently gcc on powerpc32 generates invalid code for
 			# __builtin_return_address(0) calls. Normally programs

diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index 60b17cfe67b..e29a0778fd5 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -316,6 +316,11 @@ glibc_do_configure() {
 	local myconf=()
 
 	case ${CTARGET} in
+		mips*)
+			# dlopen() detects stack smash on mips n32 ABI.
+			# Cause is unknown: https://bugs.gentoo.org/640130
+			myconf+=( --enable-stack-protector=no )
+			;;
 		powerpc-*)
 			# Currently gcc on powerpc32 generates invalid code for
 			# __builtin_return_address(0) calls. Normally programs