[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/
commit: b14c692fa08dc7bc53a81d32d36ddb1231769040 Author: Sergei Trofimovich gentoo org> AuthorDate: Tue Dec 5 22:19:47 2017 + Commit: Sergei Trofimovich gentoo org> CommitDate: Wed Dec 6 22:15:25 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b14c692f sys-libs/glibc: disable stack protection by default on mips* targets Otherwise dlopen() crashes (found on 'top' from 'procps' package). Original backtrace from qemu-mipsn32 (fails the same way on native host): ``` Program received signal SIGSEGV, Segmentation fault. 0x408cb908 in _dlerror_run (operate=operate entry=0x408cadf0 , args=args@entry=0x407feb28) at dlerror.c:163 163 result->errcode = _dl_catch_error (&result->objname, &result->errstring, (gdb) bt #0 0x408cb908 in _dlerror_run (operate=operate entry=0x408cadf0 , args=args@entry=0x407feb28) at dlerror.c:163 #1 0x408caf4c in __dlopen (file=file entry=0x10012d58 "libnuma.so", mode=mode@entry=1) at dlopen.c:87 #2 0x1000306c in before (me=0x407ff382 "/usr/mips64-unknown-linux-gnu/usr/bin/top") at top/top.c:3308 #3 0x10001a10 in main (dont_care_argc=, argv=0x407ff1a4) at top/top.c:5721 ``` Reported-by: Matt Turner Bug: https://bugs.gentoo.org/640130 Signed-off-by: Sergei Trofimovich gentoo.org> eclass/toolchain-glibc.eclass | 5 + sys-libs/glibc/glibc-2.26-r3.ebuild | 5 + sys-libs/glibc/glibc-.ebuild| 5 + 3 files changed, 15 insertions(+) diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass index e9cf01cf8c2..6580be2fb1e 100644 --- a/eclass/toolchain-glibc.eclass +++ b/eclass/toolchain-glibc.eclass @@ -796,6 +796,11 @@ glibc_do_configure() { if version_is_at_least 2.25 ; then case ${CTARGET} in + mips*) + # dlopen() detects stack smash on mips n32 ABI. + # Cause is unknown: https://bugs.gentoo.org/640130 + myconf+=( --enable-stack-protector=no ) + ;; powerpc-*) # Currently gcc on powerpc32 generates invalid code for # __builtin_return_address(0) calls. Normally programs diff --git a/sys-libs/glibc/glibc-2.26-r3.ebuild b/sys-libs/glibc/glibc-2.26-r3.ebuild index c2f06079940..0edb97902c8 100644 --- a/sys-libs/glibc/glibc-2.26-r3.ebuild +++ b/sys-libs/glibc/glibc-2.26-r3.ebuild @@ -316,6 +316,11 @@ glibc_do_configure() { popd > /dev/null case ${CTARGET} in + mips*) + # dlopen() detects stack smash on mips n32 ABI. + # Cause is unknown: https://bugs.gentoo.org/640130 + myconf+=( --enable-stack-protector=no ) + ;; powerpc-*) # Currently gcc on powerpc32 generates invalid code for # __builtin_return_address(0) calls. Normally programs diff --git a/sys-libs/glibc/glibc-.ebuild b/sys-libs/glibc/glibc-.ebuild index 60b17cfe67b..e29a0778fd5 100644 --- a/sys-libs/glibc/glibc-.ebuild +++ b/sys-libs/glibc/glibc-.ebuild @@ -316,6 +316,11 @@ glibc_do_configure() { local myconf=() case ${CTARGET} in + mips*) + # dlopen() detects stack smash on mips n32 ABI. + # Cause is unknown: https://bugs.gentoo.org/640130 + myconf+=( --enable-stack-protector=no ) + ;; powerpc-*) # Currently gcc on powerpc32 generates invalid code for # __builtin_return_address(0) calls. Normally programs
[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/
commit: 604495b43aa4a5b7aed2044b84ca0d88e600d1df Author: Sergei Trofimovich gentoo org> AuthorDate: Sun Sep 10 09:45:39 2017 + Commit: Sergei Trofimovich gentoo org> CommitDate: Sun Sep 10 10:12:18 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=604495b4 glibc: disable stack protector on ARCH=ppc Currently gcc on powerpc32 generates invalid code for __builtin_return_address(0) calls. Normally programs don't do that but malloc() hooks in glibc do: Bug: https://gcc.gnu.org/PR81996 Bug: https://bugs.gentoo.org/629054 Signed-off-by: Sergei Trofimovich gentoo.org> eclass/toolchain-glibc.eclass | 14 +- sys-libs/glibc/glibc-2.26-r1.ebuild | 14 +- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass index 33f27ccf46e..98e394659cf 100644 --- a/eclass/toolchain-glibc.eclass +++ b/eclass/toolchain-glibc.eclass @@ -795,7 +795,19 @@ glibc_do_configure() { fi if version_is_at_least 2.25 ; then - myconf+=( --enable-stack-protector=all ) + case ${CTARGET} in + powerpc-*) + # Currently gcc on powerpc32 generates invalid code for + # __builtin_return_address(0) calls. Normally programs + # don't do that but malloc hooks in glibc do: + # https://gcc.gnu.org/PR81996 + # https://bugs.gentoo.org/629054 + myconf+=( --enable-stack-protector=no ) + ;; + *) + myconf+=( --enable-stack-protector=all ) + ;; + esac fi if version_is_at_least 2.25 ; then diff --git a/sys-libs/glibc/glibc-2.26-r1.ebuild b/sys-libs/glibc/glibc-2.26-r1.ebuild index fbe7444f948..b852aba96bc 100644 --- a/sys-libs/glibc/glibc-2.26-r1.ebuild +++ b/sys-libs/glibc/glibc-2.26-r1.ebuild @@ -315,7 +315,19 @@ glibc_do_configure() { [[ -d ports ]] && addons+=",ports" popd > /dev/null - myconf+=( --enable-stack-protector=all ) + case ${CTARGET} in + powerpc-*) + # Currently gcc on powerpc32 generates invalid code for + # __builtin_return_address(0) calls. Normally programs + # don't do that but malloc hooks in glibc do: + # https://gcc.gnu.org/PR81996 + # https://bugs.gentoo.org/629054 + myconf+=( --enable-stack-protector=no ) + ;; + *) + myconf+=( --enable-stack-protector=all ) + ;; + esac myconf+=( --enable-stackguard-randomization ) [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, eclass/
commit: 9fe8087634d878eeed259019bf6f3eb19ef209b8 Author: Arfrever Frehtes Taifersar Arahesis Apache Org> AuthorDate: Wed Jun 14 14:31:44 2017 + Commit: Matthias Maier gentoo org> CommitDate: Fri Jun 16 08:23:34 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fe80876 toolchain-glibc.eclass: Build most of >=sys-libs/glibc-2.25 with -fstack-protector-all (bug #609048). configure accepts --enable-stack-protector=... option which results in build system passing appropriate -fstack-protector... option when possible. Signed-off-by: Matthias Maier gentoo.org> eclass/toolchain-glibc.eclass | 17 ++--- sys-libs/glibc/glibc-2.25-r1.ebuild | 5 - sys-libs/glibc/glibc-.ebuild| 5 - 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass index ef9d91acaed..eba829cd2f6 100644 --- a/eclass/toolchain-glibc.eclass +++ b/eclass/toolchain-glibc.eclass @@ -254,7 +254,7 @@ setup_flags() { # this flag for us, so no need to do it manually. version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE - # building glibc with SSP is fraught with difficulty, especially + # building glibc <2.25 with SSP is fraught with difficulty, especially # due to __stack_chk_fail_local which would mean significant changes # to the glibc build process. See bug #94325 #293721 # Note we have to handle both user-given CFLAGS and gcc defaults via @@ -262,7 +262,9 @@ setup_flags() { # added before user flags, and we can't just filter-flags because # _filter_hardened doesn't support globs. filter-flags -fstack-protector* - gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) + if ! version_is_at_least 2.25 ; then + tc-enables-ssp && append-flags $(test-flags -fno-stack-protector) + fi if use hardened && gcc-specs-pie ; then # Force PIC macro definition for all compilations since they're all @@ -783,6 +785,10 @@ glibc_do_configure() { myconf+=( --enable-old-ssp-compat ) fi + if version_is_at_least 2.25 ; then + myconf+=( --enable-stack-protector=all ) + fi + [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) if [[ $1 == "linuxthreads" ]] ; then @@ -941,7 +947,7 @@ toolchain-glibc_headers_configure() { libc_cv_mlong_double_128ibm=yes libc_cv_ppc_machine=yes libc_cv_ppc_rel16=yes - libc_cv_predef_{fortify_source,stack_protector}=no + libc_cv_predef_fortify_source=no libc_cv_visibility_attribute=yes libc_cv_z_combreloc=yes libc_cv_z_execstack=yes @@ -955,6 +961,11 @@ toolchain-glibc_headers_configure() { ac_cv_lib_audit_audit_log_user_avc_message=no ac_cv_lib_cap_cap_init=no ) + if ! version_is_at_least 2.25 ; then + vars+=( + libc_cv_predef_stack_protector=no + ) + fi einfo "Forcing cached settings:" for v in "${vars[@]}" ; do einfo " ${v}" diff --git a/sys-libs/glibc/glibc-2.25-r1.ebuild b/sys-libs/glibc/glibc-2.25-r1.ebuild index f8e505dcec9..5850d7d32c4 100644 --- a/sys-libs/glibc/glibc-2.25-r1.ebuild +++ b/sys-libs/glibc/glibc-2.25-r1.ebuild @@ -137,11 +137,6 @@ src_prepare() { -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ debug/Makefile || die fi - - # Build various bits with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - */Makefile || die fi case $(gcc-fullversion) in diff --git a/sys-libs/glibc/glibc-.ebuild b/sys-libs/glibc/glibc-.ebuild index 950b62b89ac..4b4945c04f7 100644 --- a/sys-libs/glibc/glibc-.ebuild +++ b/sys-libs/glibc/glibc-.ebuild @@ -135,10 +135,5 @@ src_prepare() { -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ debug/Makefile || die fi - - # Build various bits with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - */Makefile || die fi }