[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/

2017-12-06 Thread Sergei Trofimovich 
commit: b14c692fa08dc7bc53a81d32d36ddb1231769040
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Tue Dec  5 22:19:47 2017 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Wed Dec  6 22:15:25 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b14c692f

sys-libs/glibc: disable stack protection by default on mips* targets

Otherwise dlopen() crashes (found on 'top' from 'procps' package).

Original backtrace from qemu-mipsn32 (fails the same way on native host):

```
Program received signal SIGSEGV, Segmentation fault.
0x408cb908 in _dlerror_run (operate=operate  entry=0x408cadf0 
, args=args@entry=0x407feb28) at dlerror.c:163
163   result->errcode = _dl_catch_error (&result->objname, 
&result->errstring,
(gdb) bt
 #0  0x408cb908 in _dlerror_run (operate=operate  entry=0x408cadf0 
, args=args@entry=0x407feb28) at dlerror.c:163
 #1  0x408caf4c in __dlopen (file=file  entry=0x10012d58 "libnuma.so", 
mode=mode@entry=1) at dlopen.c:87
 #2  0x1000306c in before (me=0x407ff382 
"/usr/mips64-unknown-linux-gnu/usr/bin/top") at top/top.c:3308
 #3  0x10001a10 in main (dont_care_argc=, argv=0x407ff1a4) at 
top/top.c:5721
```

Reported-by: Matt Turner
Bug: https://bugs.gentoo.org/640130
Signed-off-by: Sergei Trofimovich  gentoo.org>

 eclass/toolchain-glibc.eclass   | 5 +
 sys-libs/glibc/glibc-2.26-r3.ebuild | 5 +
 sys-libs/glibc/glibc-.ebuild| 5 +
 3 files changed, 15 insertions(+)

diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass
index e9cf01cf8c2..6580be2fb1e 100644
--- a/eclass/toolchain-glibc.eclass
+++ b/eclass/toolchain-glibc.eclass
@@ -796,6 +796,11 @@ glibc_do_configure() {
 
if version_is_at_least 2.25 ; then
case ${CTARGET} in
+   mips*)
+   # dlopen() detects stack smash on mips n32 ABI.
+   # Cause is unknown: 
https://bugs.gentoo.org/640130
+   myconf+=( --enable-stack-protector=no )
+   ;;
powerpc-*)
# Currently gcc on powerpc32 generates invalid 
code for
# __builtin_return_address(0) calls. Normally 
programs

diff --git a/sys-libs/glibc/glibc-2.26-r3.ebuild 
b/sys-libs/glibc/glibc-2.26-r3.ebuild
index c2f06079940..0edb97902c8 100644
--- a/sys-libs/glibc/glibc-2.26-r3.ebuild
+++ b/sys-libs/glibc/glibc-2.26-r3.ebuild
@@ -316,6 +316,11 @@ glibc_do_configure() {
popd > /dev/null
 
case ${CTARGET} in
+   mips*)
+   # dlopen() detects stack smash on mips n32 ABI.
+   # Cause is unknown: https://bugs.gentoo.org/640130
+   myconf+=( --enable-stack-protector=no )
+   ;;
powerpc-*)
# Currently gcc on powerpc32 generates invalid code for
# __builtin_return_address(0) calls. Normally programs

diff --git a/sys-libs/glibc/glibc-.ebuild b/sys-libs/glibc/glibc-.ebuild
index 60b17cfe67b..e29a0778fd5 100644
--- a/sys-libs/glibc/glibc-.ebuild
+++ b/sys-libs/glibc/glibc-.ebuild
@@ -316,6 +316,11 @@ glibc_do_configure() {
local myconf=()
 
case ${CTARGET} in
+   mips*)
+   # dlopen() detects stack smash on mips n32 ABI.
+   # Cause is unknown: https://bugs.gentoo.org/640130
+   myconf+=( --enable-stack-protector=no )
+   ;;
powerpc-*)
# Currently gcc on powerpc32 generates invalid code for
# __builtin_return_address(0) calls. Normally programs

[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/

2017-09-10 Thread Sergei Trofimovich 
commit: 604495b43aa4a5b7aed2044b84ca0d88e600d1df
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Sun Sep 10 09:45:39 2017 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Sun Sep 10 10:12:18 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=604495b4

glibc: disable stack protector on ARCH=ppc

Currently gcc on powerpc32 generates invalid code for
__builtin_return_address(0) calls. Normally programs
don't do that but malloc() hooks in glibc do:

Bug: https://gcc.gnu.org/PR81996
Bug: https://bugs.gentoo.org/629054
Signed-off-by: Sergei Trofimovich  gentoo.org>

 eclass/toolchain-glibc.eclass   | 14 +-
 sys-libs/glibc/glibc-2.26-r1.ebuild | 14 +-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass
index 33f27ccf46e..98e394659cf 100644
--- a/eclass/toolchain-glibc.eclass
+++ b/eclass/toolchain-glibc.eclass
@@ -795,7 +795,19 @@ glibc_do_configure() {
fi
 
if version_is_at_least 2.25 ; then
-   myconf+=( --enable-stack-protector=all )
+   case ${CTARGET} in
+   powerpc-*)
+   # Currently gcc on powerpc32 generates invalid 
code for
+   # __builtin_return_address(0) calls. Normally 
programs
+   # don't do that but malloc hooks in glibc do:
+   # https://gcc.gnu.org/PR81996
+   # https://bugs.gentoo.org/629054
+   myconf+=( --enable-stack-protector=no )
+   ;;
+   *)
+   myconf+=( --enable-stack-protector=all )
+   ;;
+   esac
fi
 
if version_is_at_least 2.25 ; then

diff --git a/sys-libs/glibc/glibc-2.26-r1.ebuild 
b/sys-libs/glibc/glibc-2.26-r1.ebuild
index fbe7444f948..b852aba96bc 100644
--- a/sys-libs/glibc/glibc-2.26-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.26-r1.ebuild
@@ -315,7 +315,19 @@ glibc_do_configure() {
[[ -d ports ]] && addons+=",ports"
popd > /dev/null
 
-   myconf+=( --enable-stack-protector=all )
+   case ${CTARGET} in
+   powerpc-*)
+   # Currently gcc on powerpc32 generates invalid code for
+   # __builtin_return_address(0) calls. Normally programs
+   # don't do that but malloc hooks in glibc do:
+   # https://gcc.gnu.org/PR81996
+   # https://bugs.gentoo.org/629054
+   myconf+=( --enable-stack-protector=no )
+   ;;
+   *)
+   myconf+=( --enable-stack-protector=all )
+   ;;
+   esac
myconf+=( --enable-stackguard-randomization )
 
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )

[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/

2017-06-16 Thread Matthias Maier 
commit: 9fe8087634d878eeed259019bf6f3eb19ef209b8
Author: Arfrever Frehtes Taifersar Arahesis  Apache  Org>
AuthorDate: Wed Jun 14 14:31:44 2017 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Fri Jun 16 08:23:34 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fe80876

toolchain-glibc.eclass: Build most of >=sys-libs/glibc-2.25 with 
-fstack-protector-all (bug #609048).

configure accepts --enable-stack-protector=... option which results
in build system passing appropriate -fstack-protector... option
when possible.

Signed-off-by: Matthias Maier  gentoo.org>

 eclass/toolchain-glibc.eclass   | 17 ++---
 sys-libs/glibc/glibc-2.25-r1.ebuild |  5 -
 sys-libs/glibc/glibc-.ebuild|  5 -
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass
index ef9d91acaed..eba829cd2f6 100644
--- a/eclass/toolchain-glibc.eclass
+++ b/eclass/toolchain-glibc.eclass
@@ -254,7 +254,7 @@ setup_flags() {
# this flag for us, so no need to do it manually.
version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE
 
-   # building glibc with SSP is fraught with difficulty, especially
+   # building glibc <2.25 with SSP is fraught with difficulty, especially
# due to __stack_chk_fail_local which would mean significant changes
# to the glibc build process. See bug #94325 #293721
# Note we have to handle both user-given CFLAGS and gcc defaults via
@@ -262,7 +262,9 @@ setup_flags() {
# added before user flags, and we can't just filter-flags because
# _filter_hardened doesn't support globs.
filter-flags -fstack-protector*
-   gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector)
+   if ! version_is_at_least 2.25 ; then
+   tc-enables-ssp && append-flags $(test-flags 
-fno-stack-protector)
+   fi
 
if use hardened && gcc-specs-pie ; then
# Force PIC macro definition for all compilations since they're 
all
@@ -783,6 +785,10 @@ glibc_do_configure() {
myconf+=( --enable-old-ssp-compat )
fi
 
+   if version_is_at_least 2.25 ; then
+   myconf+=( --enable-stack-protector=all )
+   fi
+
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
 
if [[ $1 == "linuxthreads" ]] ; then
@@ -941,7 +947,7 @@ toolchain-glibc_headers_configure() {
libc_cv_mlong_double_128ibm=yes
libc_cv_ppc_machine=yes
libc_cv_ppc_rel16=yes
-   libc_cv_predef_{fortify_source,stack_protector}=no
+   libc_cv_predef_fortify_source=no
libc_cv_visibility_attribute=yes
libc_cv_z_combreloc=yes
libc_cv_z_execstack=yes
@@ -955,6 +961,11 @@ toolchain-glibc_headers_configure() {
ac_cv_lib_audit_audit_log_user_avc_message=no
ac_cv_lib_cap_cap_init=no
)
+   if ! version_is_at_least 2.25 ; then
+   vars+=(
+   libc_cv_predef_stack_protector=no
+   )
+   fi
einfo "Forcing cached settings:"
for v in "${vars[@]}" ; do
einfo " ${v}"

diff --git a/sys-libs/glibc/glibc-2.25-r1.ebuild 
b/sys-libs/glibc/glibc-2.25-r1.ebuild
index f8e505dcec9..5850d7d32c4 100644
--- a/sys-libs/glibc/glibc-2.25-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.25-r1.ebuild
@@ -137,11 +137,6 @@ src_prepare() {
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c 
= -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
-
-   # Build various bits with ssp-all
-   sed -i \
-   -e 's:-fstack-protector$:-fstack-protector-all:' \
-   */Makefile || die
fi
 
case $(gcc-fullversion) in

diff --git a/sys-libs/glibc/glibc-.ebuild b/sys-libs/glibc/glibc-.ebuild
index 950b62b89ac..4b4945c04f7 100644
--- a/sys-libs/glibc/glibc-.ebuild
+++ b/sys-libs/glibc/glibc-.ebuild
@@ -135,10 +135,5 @@ src_prepare() {
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c 
= -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
-
-   # Build various bits with ssp-all
-   sed -i \
-   -e 's:-fstack-protector$:-fstack-protector-all:' \
-   */Makefile || die
fi
 }