summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDiego Elio Pettenò <flameeyes@gentoo.org>2010-10-31 21:02:33 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2010-10-31 21:02:33 +0000
commit939a9796fa0c1cdeb195f72d4642499a68dcfa5e (patch)
tree9700db61ed69eaadd3ed3f0ddecfda1a388436cd /sys-libs/glibc
parentAdded fix for bug 338499 (OpenIPMIpthread.pc depends on non-existing pthread.... (diff)
downloadhistorical-939a9796fa0c1cdeb195f72d4642499a68dcfa5e.tar.gz
historical-939a9796fa0c1cdeb195f72d4642499a68dcfa5e.tar.bz2
historical-939a9796fa0c1cdeb195f72d4642499a68dcfa5e.zip
Bump glibc version to fully cover the recent security issues.
Package-Manager: portage-2.2.0_alpha2/cvs/Linux x86_64
Diffstat (limited to 'sys-libs/glibc')
-rw-r--r--sys-libs/glibc/ChangeLog9
-rw-r--r--sys-libs/glibc/glibc-2.11.2-r3.ebuild243
-rw-r--r--sys-libs/glibc/glibc-2.12.1-r3.ebuild257
3 files changed, 508 insertions, 1 deletions
diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index f996ec9a9e0f..aaa3aa15dee1 100644
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-libs/glibc
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.726 2010/10/30 10:03:24 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.727 2010/10/31 21:02:33 flameeyes Exp $
+
+*glibc-2.12.1-r3 (31 Oct 2010)
+*glibc-2.11.2-r3 (31 Oct 2010)
+
+ 31 Oct 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+ +glibc-2.11.2-r3.ebuild, +glibc-2.12.1-r3.ebuild:
+ Bump glibc version to fully cover the recent security issues.
30 Oct 2010; Markus Meier <maekke@gentoo.org> glibc-2.11.2-r2.ebuild:
x86 stable, bug #341755
diff --git a/sys-libs/glibc/glibc-2.11.2-r3.ebuild b/sys-libs/glibc/glibc-2.11.2-r3.ebuild
new file mode 100644
index 000000000000..98fce071e579
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.11.2-r3.ebuild
@@ -0,0 +1,243 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.11.2-r3.ebuild,v 1.1 2010/10/31 21:02:33 flameeyes Exp $
+
+inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+if [[ ${PV} == *_p* ]] ; then
+RELEASE_VER=${PV%_p*}
+BRANCH_UPDATE=""
+SNAP_VER=${PV#*_p}
+else
+RELEASE_VER=${PV}
+BRANCH_UPDATE=""
+SNAP_VER=""
+fi
+MANPAGE_VER="" # pregenerated manpages
+INFOPAGE_VER="" # pregenerated infopages
+LIBIDN_VER="" # it's integrated into the main tarball now
+PATCH_VER="6" # Gentoo patchset
+PORTS_VER=${RELEASE_VER%.?} # version of glibc ports addon
+LT_VER="" # version of linuxthreads addon
+NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires
+#LT_KERN_VER=${LT_KERN_VER:-"2.4.1"} # min kernel version linuxthreads requires
+
+IUSE="debug gd glibc-omitfp hardened multilib nls selinux profile vanilla crosscompile_opts_headers-only ${LT_VER:+glibc-compat20 nptl nptlonly}"
+S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}}
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+ export CTARGET=${CATEGORY/cross-}
+ fi
+fi
+
+[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20}
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+alt_libdir() {
+ if is_crosscompile ; then
+ echo /usr/${CTARGET}/$(get_libdir)
+ else
+ echo /$(get_libdir)
+ fi
+}
+
+if is_crosscompile ; then
+ SLOT="${CTARGET}-2.2"
+else
+ # Why SLOT 2.2 you ask yourself while sippin your tea ?
+ # Everyone knows 2.2 > 0, duh.
+ SLOT="2.2"
+ PROVIDE="virtual/libc"
+fi
+
+# General: We need a new-enough binutils for as-needed
+# arch: we need to make sure our binutils/gcc supports TLS
+DEPEND=">=sys-devel/gcc-3.4.4
+ arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 )
+ x86? ( >=sys-devel/gcc-4.3 )
+ amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 )
+ ppc? ( >=sys-devel/gcc-4.1.0 )
+ ppc64? ( >=sys-devel/gcc-4.1.0 )
+ >=sys-devel/binutils-2.15.94
+ ${LT_VER:+nptl? (} >=sys-kernel/linux-headers-${NPTL_KERN_VER} ${LT_VER:+)}
+ >=sys-devel/gcc-config-1.3.12
+ >=app-misc/pax-utils-0.1.10
+ virtual/os-headers
+ nls? ( sys-devel/gettext )
+ >=sys-apps/sandbox-1.2.18.1-r2
+ !<sys-apps/portage-2.1.2
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-kernel/ps3-sources
+ nls? ( sys-devel/gettext )
+ selinux? ( sys-libs/libselinux )"
+
+if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+ DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers"
+else
+ DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )"
+ RDEPEND="${RDEPEND}
+ vanilla? ( !sys-libs/timezone-data )
+ !vanilla? ( sys-libs/timezone-data )"
+fi
+
+SRC_URI=$(
+ upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sources.redhat.com/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+ }
+ gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
+ devspace=${devspace//HTTP/http://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+ }
+
+ TARNAME=${PN}
+ if [[ -n ${SNAP_VER} ]] ; then
+ TARNAME="${PN}-${RELEASE_VER}"
+ [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER}
+ upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2
+ else
+ upstream_uris ${TARNAME}-${RELEASE_VER}.tar.bz2
+ fi
+ [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2
+ [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.bz2
+ [[ -n ${LT_VER} ]] && upstream_uris ${TARNAME}-linuxthreads-${LT_VER}.tar.bz2
+ [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+ [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
+ [[ -n ${MANPAGE_VER} ]] && gentoo_uris glibc-manpages-${MANPAGE_VER}.tar.bz2
+ [[ -n ${INFOPAGE_VER} ]] && gentoo_uris glibc-infopages-${INFOPAGE_VER}.tar.bz2
+)
+
+# eblit-include [--skip] <function> [version]
+eblit-include() {
+ local skipable=false
+ [[ $1 == "--skip" ]] && skipable=true && shift
+ [[ $1 == pkg_* ]] && skipable=true
+
+ local e v func=$1 ver=$2
+ [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
+ for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
+ e="${FILESDIR}/eblits/${func}${v}.eblit"
+ if [[ -e ${e} ]] ; then
+ source "${e}"
+ return 0
+ fi
+ done
+ ${skipable} && return 0
+ die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
+}
+
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
+# eblit-run <function> [version]
+# aka: src_unpack() { eblit-run src_unpack ; }
+eblit-run() {
+ eblit-include --skip common "${*:2}"
+ eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
+ eblit-${PN}-$1
+ eblit-run-maybe eblit-$1-post
+}
+
+src_unpack() { eblit-run src_unpack ; }
+src_compile() { eblit-run src_compile ; }
+src_test() { eblit-run src_test ; }
+src_install() { eblit-run src_install ; }
+
+# FILESDIR might not be available during binpkg install
+for x in setup {pre,post}inst ; do
+ e="${FILESDIR}/eblits/pkg_${x}.eblit"
+ if [[ -e ${e} ]] ; then
+ . "${e}"
+ eval "pkg_${x}() { eblit-run pkg_${x} ; }"
+ fi
+done
+
+eblit-src_unpack-post() {
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.11/glibc-2.11-hardened-pie.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
+
+ einfo "Patching Glibc to support older SSP __guard"
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-ssp-compat.patch
+
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+ cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
+ debug/chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug fortify handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+}
+
+maint_pkg_create() {
+ local base="/usr/local/src/gnu/glibc/glibc-${PV:0:1}_${PV:2:1}"
+ cd ${base}
+ local stamp=$(date +%Y%m%d)
+ local d
+ for d in libc ports ; do
+ #(cd ${d} && cvs up)
+ case ${d} in
+ libc) tarball="${P}";;
+ ports) tarball="${PN}-ports-${PV}";;
+ esac
+ rm -f ${tarball}*
+ ln -sf ${d} ${tarball}
+ tar hcf - ${tarball} --exclude-vcs | lzma > "${T}"/${tarball}.tar.lzma
+ du -b "${T}"/${tarball}.tar.lzma
+ done
+}
diff --git a/sys-libs/glibc/glibc-2.12.1-r3.ebuild b/sys-libs/glibc/glibc-2.12.1-r3.ebuild
new file mode 100644
index 000000000000..c12c09f5f3eb
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.12.1-r3.ebuild
@@ -0,0 +1,257 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.12.1-r3.ebuild,v 1.1 2010/10/31 21:02:33 flameeyes Exp $
+
+inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2"
+KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+if [[ ${PV} == *_p* ]] ; then
+RELEASE_VER=${PV%_p*}
+BRANCH_UPDATE=""
+SNAP_VER=${PV#*_p}
+else
+RELEASE_VER=${PV}
+BRANCH_UPDATE=""
+SNAP_VER=""
+fi
+MANPAGE_VER="" # pregenerated manpages
+INFOPAGE_VER="" # pregenerated infopages
+LIBIDN_VER="" # it's integrated into the main tarball now
+PATCH_VER="6" # Gentoo patchset
+PORTS_VER= #${RELEASE_VER%.?} # version of glibc ports addon
+LT_VER="" # version of linuxthreads addon
+NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires
+#LT_KERN_VER=${LT_KERN_VER:-"2.4.1"} # min kernel version linuxthreads requires
+
+IUSE="debug gd glibc-omitfp hardened multilib nls selinux profile vanilla crosscompile_opts_headers-only ${LT_VER:+glibc-compat20 nptl nptlonly}"
+S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}}
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+ export CTARGET=${CATEGORY/cross-}
+ fi
+fi
+
+[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20}
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+alt_libdir() {
+ if is_crosscompile ; then
+ echo /usr/${CTARGET}/$(get_libdir)
+ else
+ echo /$(get_libdir)
+ fi
+}
+
+if is_crosscompile ; then
+ SLOT="${CTARGET}-2.2"
+else
+ # Why SLOT 2.2 you ask yourself while sippin your tea ?
+ # Everyone knows 2.2 > 0, duh.
+ SLOT="2.2"
+ PROVIDE="virtual/libc"
+fi
+
+# General: We need a new-enough binutils for as-needed
+# arch: we need to make sure our binutils/gcc supports TLS
+DEPEND=">=sys-devel/gcc-3.4.4
+ arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 )
+ x86? ( >=sys-devel/gcc-4.3 )
+ amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 )
+ ppc? ( >=sys-devel/gcc-4.1.0 )
+ ppc64? ( >=sys-devel/gcc-4.1.0 )
+ >=sys-devel/binutils-2.15.94
+ ${LT_VER:+nptl? (} >=sys-kernel/linux-headers-${NPTL_KERN_VER} ${LT_VER:+)}
+ >=sys-devel/gcc-config-1.3.12
+ >=app-misc/pax-utils-0.1.10
+ virtual/os-headers
+ nls? ( sys-devel/gettext )
+ >=sys-apps/sandbox-1.2.18.1-r2
+ !<sys-apps/portage-2.1.2
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-kernel/ps3-sources
+ nls? ( sys-devel/gettext )
+ selinux? ( sys-libs/libselinux )"
+
+if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+ DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers"
+else
+ DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )"
+ RDEPEND="${RDEPEND}
+ vanilla? ( !sys-libs/timezone-data )
+ !vanilla? ( sys-libs/timezone-data )"
+fi
+
+SRC_URI=$(
+ upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sources.redhat.com/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+ }
+ gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
+ devspace=${devspace//HTTP/http://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+ }
+
+ TARNAME=${PN}
+ if [[ -n ${SNAP_VER} ]] ; then
+ TARNAME="${PN}-${RELEASE_VER}"
+ [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER}
+ upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2
+ else
+ upstream_uris ${TARNAME}-${RELEASE_VER}.tar.bz2
+ fi
+ [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2
+ [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.bz2
+ [[ -n ${LT_VER} ]] && upstream_uris ${TARNAME}-linuxthreads-${LT_VER}.tar.bz2
+ [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+ [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
+ [[ -n ${MANPAGE_VER} ]] && gentoo_uris glibc-manpages-${MANPAGE_VER}.tar.bz2
+ [[ -n ${INFOPAGE_VER} ]] && gentoo_uris glibc-infopages-${INFOPAGE_VER}.tar.bz2
+)
+
+# eblit-include [--skip] <function> [version]
+eblit-include() {
+ local skipable=false
+ [[ $1 == "--skip" ]] && skipable=true && shift
+ [[ $1 == pkg_* ]] && skipable=true
+
+ local e v func=$1 ver=$2
+ [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
+ for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
+ e="${FILESDIR}/eblits/${func}${v}.eblit"
+ if [[ -e ${e} ]] ; then
+ source "${e}"
+ return 0
+ fi
+ done
+ ${skipable} && return 0
+ die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
+}
+
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
+# eblit-run <function> [version]
+# aka: src_unpack() { eblit-run src_unpack ; }
+eblit-run() {
+ eblit-include --skip common "${*:2}"
+ eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
+ eblit-${PN}-$1
+ eblit-run-maybe eblit-$1-post
+}
+
+src_unpack() { eblit-run src_unpack ; }
+src_compile() { eblit-run src_compile ; }
+src_test() { eblit-run src_test ; }
+src_install() { eblit-run src_install ; }
+
+# FILESDIR might not be available during binpkg install
+for x in setup {pre,post}inst ; do
+ e="${FILESDIR}/eblits/pkg_${x}.eblit"
+ if [[ -e ${e} ]] ; then
+ . "${e}"
+ eval "pkg_${x}() { eblit-run pkg_${x} ; }"
+ fi
+done
+
+pkg_setup() {
+ eblit-run pkg_setup
+
+ # Static binary sanity check #332927
+ if [[ ${ROOT} == "/" ]] && \
+ has_version "<${CATEGORY}/${P}" && \
+ built_with_use sys-apps/coreutils static
+ then
+ eerror "Please rebuild coreutils with USE=-static, then install"
+ eerror "glibc, then you may rebuild coreutils with USE=static."
+ die "Avoiding system meltdown #332927"
+ fi
+}
+
+eblit-src_unpack-post() {
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
+
+ einfo "Patching Glibc to support older SSP __guard"
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-ssp-compat.patch
+
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+ cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
+ debug/chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug fortify handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+}
+
+maint_pkg_create() {
+ local base="/usr/local/src/gnu/glibc/glibc-${PV:0:1}_${PV:2:1}"
+ cd ${base}
+ local stamp=$(date +%Y%m%d)
+ local d
+ for d in libc ports ; do
+ #(cd ${d} && cvs up)
+ case ${d} in
+ libc) tarball="${P}";;
+ ports) tarball="${PN}-ports-${PV}";;
+ esac
+ rm -f ${tarball}*
+ ln -sf ${d} ${tarball}
+ tar hcf - ${tarball} --exclude-vcs | lzma > "${T}"/${tarball}.tar.lzma
+ du -b "${T}"/${tarball}.tar.lzma
+ done
+}