[Lunar-commits] <moonbase-core> glibc: version bumped to 2.20
Stefan Wold
ratler at lunar-linux.org
Mon Oct 27 22:27:14 CET 2014
commit 4623cd09463db783e63ae4bd9be8f366fa826ab5
Author: Stefan Wold <ratler at lunar-linux.org>
Date: Wed, 15 Oct 2014 20:10:06 +0200
URL: https://github.com/lunar-linux/moonbase-core/commit/4623cd09463db783e63ae4bd9be8f366fa826ab5
glibc: version bumped to 2.20
Build glibc tools with enhardening to align with the rest of the
1.7.0 ISO.
---
libs/glibc/BUILD | +19/-5
libs/glibc/BUILD.x86_64 | +16/-5
libs/glibc/DETAILS | +11/-5
libs/glibc/PRE_BUILD | +7/-2
4 files changed, 53 insertions(+), 17 deletions(-)
--- a/libs/glibc/BUILD
+++ b/libs/glibc/BUILD
@@ -1,14 +1,13 @@
-
# The fortify compiler option cause the build to fail
- bad_flags -D_FORTIFY_SOURCE=2 &&
+ bad_flags -D_FORTIFY_SOURCE=2 -fstack-protector-strong &&
+
+ # Fix NPTL issues with Xen on i686
+ export CFLAGS+=" -mno-tls-direct-seg-refs" &&
mkdir -p $SOURCE_DIRECTORY/tmp &&
export CC_OPTS=( Pipe ) &&
- # There is no other option but nptl
- OPTS+=" --enable-add-ons=nptl,libidn --with-__thread --with-tls --disable-profile --enable-kernel=2.6.32 --with-headers=/usr/include" &&
-
if [ -n "$MAKES" ] && [ "$MAKES" -gt 1 ] ; then
sedit "s/# PARALLELMFLAGS = -j 4/PARALLELMFLAGS = -j $MAKES/" Makefile.in
fi &&
@@ -36,9 +35,24 @@
--build=$BUILD \
--enable-obsolete-rpc \
--disable-multi-arch \
+ --enable-add-ons \
+ --with-__thread \
+ --with-tls \
+ --disable-profile \
--enable-bind-now \
+ --enable-kernel=2.6.32 \
+ --with-headers=/usr/include \
--enable-stackguard-randomization \
$OPTS &&
+
+ # build libraries with hardening disabled
+ echo "build-programs=no" >> configparms &&
+ make &&
+
+ # Re-enable hardening
+ sedit '/build-programs=/s;no;yes;' configparms &&
+ echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms &&
+ echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms &&
make &&
# Preserve the old glibc temporarily
--- a/libs/glibc/BUILD.x86_64
+++ b/libs/glibc/BUILD.x86_64
@@ -1,13 +1,10 @@
# The fortify compiler option cause the build to fail
- bad_flags -D_FORTIFY_SOURCE=2 &&
+ bad_flags -D_FORTIFY_SOURCE=2 -fstack-protector-strong &&
mkdir -p $SOURCE_DIRECTORY/tmp &&
export CC_OPTS=( Pipe ) &&
- # There is no other option but nptl
- OPTS+=" --enable-add-ons=nptl,libidn --with-__thread --with-tls --disable-profile --enable-kernel=2.6.32 --with-headers=/usr/include" &&
-
if [ -n "$MAKES" ] && [ "$MAKES" -gt 1 ] ; then
sedit "s/# PARALLELMFLAGS = -j 4/PARALLELMFLAGS = -j $MAKES/" Makefile.in
fi &&
@@ -36,10 +33,24 @@
--build=$BUILD \
--disable-multi-arch \
--enable-bind-now \
+ --enable-add-ons \
+ --with-__thread \
+ --with-tls \
+ --disable-profile \
+ --enable-bind-now \
+ --enable-kernel=2.6.32 \
+ --with-headers=/usr/include \
--enable-stackguard-randomization \
$OPTS &&
- # explicitly exit here since the following code unsets $?
+ # build libraries with hardening disabled
+ echo "build-programs=no" >> configparms &&
+ make &&
+
+ # Re-enable hardening
+ sedit '/build-programs=/s;no;yes;' configparms &&
+ echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms &&
+ echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms &&
make &&
# Preserve the old glibc temporarily
--- a/libs/glibc/DETAILS
+++ b/libs/glibc/DETAILS
@@ -1,20 +1,26 @@
MODULE=glibc
- VERSION=2.19
+ VERSION=2.20
MAJOR=${VERSION::4}
SOURCE=$MODULE-$VERSION.tar.xz
SOURCE2=$MODULE-2.18-no_timezones.patch
- SOURCE3=glibc-2.18-xattr-compat-hack.patch
+ SOURCE3=glibc-2.20-getifaddrs_internal-segfault.patch
+ SOURCE4=glibc-2.20-linux-3.16-additions.patch
+ SOURCE5=glibc-2.20-do_ftell_wide-memleak.patch
SOURCE_URL[0]=$GNU_URL/$MODULE
SOURCE_URL[1]=ftp://ftp.gnu.org/pub/gnu/$MODULE
SOURCE_URL[2]=http://www.mirrorservice.org/sites/ftp.gnu.org/gnu/glibc
SOURCE2_URL=$PATCH_URL
SOURCE3_URL=$PATCH_URL
- SOURCE_VFY=sha1:b29e1f94b8a32e283e1cb66c9a913950c496fb51
+ SOURCE4_URL=$PATCH_URL
+ SOURCE5_URL=$PATCH_URL
+ SOURCE_VFY=sha256:f84b6d42aecc288d593c397b0a3d02260a33ee686bce0c634eb9b32798f36ba5
SOURCE2_VFY=sha1:86c3b8d2424a27e05937b50fb545b250834b69a9
- SOURCE3_VFY=sha1:fb080732c00d111cd4e985b4f3dbb49c58caa891
+ SOURCE3_VFY=sha256:251a1c9728ca2673fbd24fce86c3183ca685b3c23208dca6801ee139ad74ade0
+ SOURCE4_VFY=sha256:a992990e580c2b19bb269c05628b6b02855d019ffc0bb3e477454862c1235263
+ SOURCE5_VFY=sha256:5bd2edb32b608bc49f51219a6851ecb28d244a0ac8981afe718a6324afacdf8b
WEB_SITE=http://www.gnu.org/software/libc
ENTERED=20010922
- UPDATED=20140407
+ UPDATED=20141012
SHORT="C library for use with GNU/Hurd and GNU/Linux"
PSAFE=no
--- a/libs/glibc/PRE_BUILD
+++ b/libs/glibc/PRE_BUILD
@@ -2,5 +2,10 @@ default_pre_build &&
sedit 's@^#\s*warning \+_FORTIFY_SOURCE requires compiling with optimization.*$@/* Disabled by lunar as there is no better solution: \0*/@' include/features.h &&
-patch_it $SOURCE2 1
-patch_it $SOURCE3 1
+patch_it $SOURCE2 1 &&
+# fix for segfault, https://sourceware.org/ml/libc-alpha/2014-09/msg00312.html
+patch_it $SOURCE3 1 &&
+# kernel 3.16 additions
+patch_it $SOURCE4 1 &&
+# fix memory leak
+patch_it $SOURCE5 1
More information about the Lunar-commits
mailing list