From: "Andreas K. Hüttel" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas K. Hüttel" Message-ID: <1544824307.6f365e6c16c0ee4917c070c2fad7107b93559b5c.dilfridge@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-libs/glibc/glibc-2.28-r3.ebuild sys-libs/glibc/glibc-9999.ebuild X-VCS-Directories: sys-libs/glibc/ X-VCS-Committer: dilfridge X-VCS-Committer-Name: Andreas K. Hüttel X-VCS-Revision: 6f365e6c16c0ee4917c070c2fad7107b93559b5c X-VCS-Branch: master Date: Fri, 14 Dec 2018 21:51:52 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: d5c1215c-8173-49ec-aa7c-b41be9a04029 X-Archives-Hash: dc95134c16f9c4e2383c84c5b79c2697 commit: 6f365e6c16c0ee4917c070c2fad7107b93559b5c Author: Andreas K. Hüttel gentoo org> AuthorDate: Fri Dec 14 21:51:29 2018 +0000 Commit: Andreas K. Hüttel gentoo org> CommitDate: Fri Dec 14 21:51:47 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f365e6c sys-libs/glibc: Drop old hardened support (suggested by zorry) Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Andreas K. Hüttel gentoo.org> sys-libs/glibc/glibc-2.28-r3.ebuild | 24 +++++------------------- sys-libs/glibc/glibc-9999.ebuild | 24 +++++------------------- 2 files changed, 10 insertions(+), 38 deletions(-) diff --git a/sys-libs/glibc/glibc-2.28-r3.ebuild b/sys-libs/glibc/glibc-2.28-r3.ebuild index 34522b3ba24..0f66eb86043 100644 --- a/sys-libs/glibc/glibc-2.28-r3.ebuild +++ b/sys-libs/glibc/glibc-2.28-r3.ebuild 
@@ -33,7 +33,7 @@ PATCH_VER=5 SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.xz" SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-multilib-bootstrap-${GCC_BOOTSTRAP_VER}.tar.xz )" -IUSE="audit caps cet compile-locales doc gd hardened headers-only +multiarch multilib nscd profile selinux suid systemtap test vanilla" +IUSE="audit caps cet compile-locales doc gd headers-only +multiarch multilib nscd profile selinux suid systemtap test vanilla" # Minimum kernel version that glibc requires MIN_KERN_VER="3.2.0" @@ -61,7 +61,8 @@ if [[ ${CTARGET} == ${CHOST} ]] ; then fi # We need a new-enough binutils/gcc to match upstream baseline. -# Also we need to make sure our binutils/gcc supports TLS. +# Also we need to make sure our binutils/gcc supports TLS, +# and that gcc already contains the hardened patches. COMMON_DEPEND=" nscd? ( selinux? ( audit? ( sys-process/audit ) @@ -91,13 +92,13 @@ RDEPEND="${COMMON_DEPEND} if [[ ${CATEGORY} == cross-* ]] ; then DEPEND+=" !headers-only? ( >=${CATEGORY}/binutils-2.24 - >=${CATEGORY}/gcc-4.9 + >=${CATEGORY}/gcc-6 )" [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" else DEPEND+=" >=sys-devel/binutils-2.24 - >=sys-devel/gcc-4.9 + >=sys-devel/gcc-6 virtual/os-headers " RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" @@ -371,21 +372,6 @@ setup_flags() { append-flags -O2 -fno-strict-aliasing filter-flags '-fstack-protector*' - - # Starting with gcc-6 (and fully upstreamed pie patches) we control - # default enabled/disabled pie via use flags. So nothing to do - # here then. #618160 - if [[ $(gcc-major-version) -lt 6 ]]; then - if use hardened && tc-enables-pie ; then - # Force PIC macro definition for all compilations since they're all - # either -fPIC or -fPIE with the default-PIE compiler. - append-cppflags -DPIC - else - # Don't build -fPIE without the default-PIE compiler and the - # hardened-pie patch - filter-flags -fPIE - fi - fi } want_tls() { 
diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild index c7e85a20715..b8e90784630 100644 --- a/sys-libs/glibc/glibc-9999.ebuild +++ b/sys-libs/glibc/glibc-9999.ebuild @@ -33,7 +33,7 @@ PATCH_VER=9 SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.xz" SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-multilib-bootstrap-${GCC_BOOTSTRAP_VER}.tar.xz )" -IUSE="audit caps cet compile-locales doc gd hardened headers-only +multiarch multilib nscd profile selinux suid systemtap test vanilla" +IUSE="audit caps cet compile-locales doc gd headers-only +multiarch multilib nscd profile selinux suid systemtap test vanilla" # Minimum kernel version that glibc requires MIN_KERN_VER="3.2.0" @@ -61,7 +61,8 @@ if [[ ${CTARGET} == ${CHOST} ]] ; then fi # We need a new-enough binutils/gcc to match upstream baseline. -# Also we need to make sure our binutils/gcc supports TLS. +# Also we need to make sure our binutils/gcc supports TLS, +# and that gcc already contains the hardened patches. COMMON_DEPEND=" nscd? ( selinux? ( audit? ( sys-process/audit ) @@ -91,13 +92,13 @@ RDEPEND="${COMMON_DEPEND} if [[ ${CATEGORY} == cross-* ]] ; then DEPEND+=" !headers-only? ( >=${CATEGORY}/binutils-2.24 - >=${CATEGORY}/gcc-4.9 + >=${CATEGORY}/gcc-6 )" [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" else DEPEND+=" >=sys-devel/binutils-2.24 - >=sys-devel/gcc-4.9 + >=sys-devel/gcc-6 virtual/os-headers " RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" 
@@ -371,21 +372,6 @@ setup_flags() { append-flags -O2 -fno-strict-aliasing filter-flags '-fstack-protector*' - - # Starting with gcc-6 (and fully upstreamed pie patches) we control - # default enabled/disabled pie via use flags. So nothing to do - # here then. #618160 - if [[ $(gcc-major-version) -lt 6 ]]; then - if use hardened && tc-enables-pie ; then - # Force PIC macro definition for all compilations since they're all - # either -fPIC or -fPIE with the default-PIE compiler. - append-cppflags -DPIC - else - # Don't build -fPIE without the default-PIE compiler and the - # hardened-pie patch - filter-flags -fPIE - fi - fi } want_tls() {
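Review bot: In the IUSE hunk (@@ -33,7 +33,7, same in both ebuilds), `hardened` is removed from IUSE, but the patch only shows a single `use hardened` call going away, the one in setup_flags(). Please confirm that no other `use hardened` call or `hardened?` conditional remains in either file, since querying a flag that is no longer in IUSE is a QA failure. The change is also applied in place to glibc-2.28-r3 rather than to a new revision, so the commit message should say that the build result is unchanged with gcc-6 and later, which is what the deleted comment ("So nothing to do here then") implies.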
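Review bot: In the comment hunk (@@ -61,7 +61,8, same in both ebuilds), the added line "and that gcc already contains the hardened patches" names neither the gcc version nor the reason, and the bug reference #618160 that documented it is deleted together with the setup_flags() block. Suggest stating the version and keeping the bug number in this comment, along the lines of "gcc-6 or later, which has the upstreamed pie patches (#618160)", so the reason for the `>=sys-devel/gcc-6` bound further down stays recorded.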
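Review bot: In the DEPEND hunk (@@ -91,13 +92,13, same in both ebuilds), raising the minimum compiler from `>=sys-devel/gcc-4.9` to `>=sys-devel/gcc-6` (and likewise `>=${CATEGORY}/gcc-6` in the cross branch) is a change in build requirements that the commit message "Drop old hardened support" does not mention. Please add a line to the message saying that gcc older than 6 is no longer supported for building glibc, so the bump can be found from the log.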
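Review bot: In the setup_flags() hunk (@@ -371,21 +372,6, same in both ebuilds), the deleted branch tested the compiler actually in use via `$(gcc-major-version) -lt 6`, whereas what replaces it is only the `>=sys-devel/gcc-6` bound in DEPEND, which requires gcc-6 to be installed, not selected. gcc is slotted, so an older slot can still be the active compiler, and in that case `-fPIE` is no longer filtered and `-DPIC` is no longer appended. Suggest an explicit check that dies with a clear message when the active gcc major version is below 6, instead of relying on the dependency alone.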