This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via 4eec3d94d92ca122553c5ef77797227aa56ef128 (commit) from 78647fb02210e34f700f44534bc73b401d3416bf (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 4eec3d94d92ca122553c5ef77797227aa56ef128 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Sep 23 21:13:53 2016 +0100
glibc: Update to 2.24
Requires a patch to build on x86_64: https://sourceware.org/bugzilla/show_bug.cgi?id=20621
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: glibc/glibc.nm | 10 +- .../glibc-2.11.1-owl-alt-res_randomid.patch | 317 --------------------- ...rt-Avoid-an-extra-branch-to-PLT-for-z-now.patch | 84 ++++++ .../glibc-compile-fix-for-memcpy-ssse3.patch | 67 +++++ glibc/patches/glibc-fedora-include-bits-ldbl.patch | 30 -- 5 files changed, 155 insertions(+), 353 deletions(-) delete mode 100644 glibc/patches/glibc-2.11.1-owl-alt-res_randomid.patch create mode 100644 glibc/patches/glibc-2.24-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch create mode 100644 glibc/patches/glibc-compile-fix-for-memcpy-ssse3.patch delete mode 100644 glibc/patches/glibc-fedora-include-bits-ldbl.patch
Difference in files: diff --git a/glibc/glibc.nm b/glibc/glibc.nm index 0653382..943bf0e 100644 --- a/glibc/glibc.nm +++ b/glibc/glibc.nm @@ -4,8 +4,8 @@ ###############################################################################
name = glibc -version = 2.23 -release = 2 +version = 2.24 +release = 1
maintainer = Michael Tremer michael.tremer@ipfire.org groups = System/Base @@ -34,6 +34,7 @@ build audit-devel autoconf automake + binutils >= 2.27 gcc >= 4.7 gettext kernel-headers >= %{OPTIMIZED_KERNEL} @@ -44,7 +45,7 @@ build end
# Build glibc with custom cflags - GLIBC_FLAGS = -O3 -g -fasynchronous-unwind-tables -DNDEBUG -fPIC -DPIC + GLIBC_FLAGS = -O3 -g -fasynchronous-unwind-tables -DNDEBUG
if "%{DISTRO_ARCH}" == "i686" GLIBC_FLAGS += -march=i686 -mtune=generic @@ -111,9 +112,6 @@ build ../%{thisapp}/configure \ %{configure_options}
- sed -i config.make \ - -e "s/^build-pic-default=.*/build-pic-default=yes/" - # Our GCC is already passing -fPIC, and that's all we want for the libraries. # LDFLAGS.so is appended to so we don't build shared libraries with # DT_TEXTREL (and to tell us if something goes wrong). For now we only build diff --git a/glibc/patches/glibc-2.11.1-owl-alt-res_randomid.patch b/glibc/patches/glibc-2.11.1-owl-alt-res_randomid.patch deleted file mode 100644 index 969b8dc..0000000 --- a/glibc/patches/glibc-2.11.1-owl-alt-res_randomid.patch +++ /dev/null @@ -1,317 +0,0 @@ -# Improve res_randomid in the resolver. - ---- a/include/resolv.h -+++ b/include/resolv.h -@@ -31,6 +31,7 @@ extern struct __res_state _res; - # endif - - /* Now define the internal interfaces. */ -+extern unsigned int _shuffle_next (void); - extern int __res_vinit (res_state, int); - extern int __res_maybe_init (res_state, int); - extern void _sethtent (int); ---- a/resolv/Makefile -+++ b/resolv/Makefile -@@ -29,7 +29,7 @@ distribute := ../conf/portability.h mapv4v6addr.h mapv4v6hostent.h \ - Banner res_hconf.h res_debug.h README gai_misc.h ga_test.c - - routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \ -- res_hconf res_libc res-state -+ res_hconf res_libc res-state shuffle - - tests = tst-aton tst-leaks tst-inet_ntop - xtests = tst-leaks2 ---- a/resolv/res_init.c -+++ b/resolv/res_init.c -@@ -570,7 +570,9 @@ net_mask(in) /* XXX - should really use system's version of this */ - - u_int - res_randomid(void) { -- return 0xffff & __getpid(); -+/* We should probably randomize the port number as well, -+ * but this may be better done in the kernel */ -+ return _shuffle_next(); - } - #ifdef _LIBC - libc_hidden_def (__res_randomid) ---- a/resolv/res_mkquery.c -+++ b/resolv/res_mkquery.c -@@ -120,6 +120,7 @@ res_nmkquery(res_state statp, - return (-1); - memset(buf, 0, HFIXEDSZ); - hp = (HEADER *) buf; -+#ifdef USE_OLD_RANDOMIZE_CODE - /* We randomize the IDs every time. The old code just - incremented by one after the initial randomization which - still predictable if the application does multiple -@@ -137,6 +138,9 @@ res_nmkquery(res_state statp, - } - while ((randombits & 0xffff) == 0); - statp->id = (statp->id + randombits) & 0xffff; -+#else -+ statp->id = res_randomid (); -+#endif - hp->id = statp->id; - hp->opcode = op; - hp->rd = (statp->options & RES_RECURSE) != 0; ---- /dev/null -+++ b/resolv/shuffle.c -@@ -0,0 +1,258 @@ -+/* -+ * Written by Solar Designer and placed in the public domain. -+ */ -+ -+#include <unistd.h> -+#include <fcntl.h> -+#include <resolv.h> -+ -+#ifdef __linux__ -+#define DEVICE "/dev/urandom" -+#else -+#undef DEVICE -+#endif -+ -+#if defined(DEVICE) && defined(_LIBC) -+#define CONSERVE_KERNEL_RANDOMNESS -+#else -+#undef CONSERVE_KERNEL_RANDOMNESS -+#endif -+ -+#ifdef DEVICE -+#include <errno.h> -+#endif -+ -+#include <stdlib.h> -+#include <string.h> -+#include <sys/time.h> -+#include <sys/times.h> -+ -+#ifdef TEST -+#include <stdio.h> -+#endif -+ -+#define DIV 0x8000 -+ -+static unsigned char pool[0x100]; -+ -+static struct { -+ unsigned int base, xor; -+ unsigned char s[0x80]; -+} seed_c; -+static unsigned char seed_f[0x100]; -+ -+static struct { -+ unsigned int msb; -+ unsigned int a, b; -+ unsigned int n; -+} state; -+ -+static void pool_update(unsigned int seed) -+{ -+ int i, x; -+ -+ __srandom(seed ^ __random()); -+ for (i = 0; i < sizeof(pool); i++) { -+ x = __random(); -+ pool[i] += (x >> 16) ^ x; -+ } -+} -+ -+#ifdef DEVICE -+static int read_loop(int fd, char *buffer, int count) -+{ -+ int offset, block; -+ -+ offset = 0; -+ while (count > 0) { -+ block = __read(fd, &buffer[offset], count); -+ -+ if (block < 0) { -+ if (errno == EINTR) continue; -+ return block; -+ } -+ if (!block) return offset; -+ -+ offset += block; -+ count -= block; -+ } -+ -+ return offset; -+} -+ -+static int read_random(char *buffer, int count) -+{ -+ int fd; -+#ifdef CONSERVE_KERNEL_RANDOMNESS -+ unsigned int seed[2]; -+ -+ if (count > sizeof(pool)) -+ return -1; -+#endif -+ -+ if ((fd = __open(DEVICE, O_RDONLY)) < 0) -+ return -1; -+ -+#ifdef CONSERVE_KERNEL_RANDOMNESS -+ if (read_loop(fd, (char *)seed, sizeof(seed)) != sizeof(seed)) { -+ __close(fd); -+ return -1; -+ } -+ __close(fd); -+ -+ memset(pool, 'X', sizeof(pool)); -+ pool_update(seed[0]); -+ pool_update(seed[1]); -+ -+ memcpy(buffer, pool, count); -+#else -+ count = read_loop(fd, buffer, count); -+ __close(fd); -+#endif -+ -+ return count; -+} -+#else -+#define read_random(buffer, count) (-1) -+#endif -+ -+static void shuffle_init() -+{ -+ struct timeval tv; -+ -+ if (read_random((char *)seed_f, sizeof(seed_f)) != sizeof(seed_f)) { -+ memset(pool, 'X', sizeof(pool)); -+ pool_update(__getpid()); -+ pool_update(__getppid()); -+ if (!__gettimeofday(&tv, NULL)) { -+ pool_update(tv.tv_sec); -+ pool_update(tv.tv_usec); -+ } -+ -+ memcpy(seed_f, pool, sizeof(seed_f)); -+ } -+ -+ state.msb = 0; -+ state.n = DIV; /* force a reseed() */ -+} -+ -+static void reseed() -+{ -+ struct tms buf; -+ -+ if (read_random((char *)&seed_c, sizeof(seed_c)) != sizeof(seed_c)) { -+ pool_update(__times(&buf)); -+ pool_update(buf.tms_utime); -+ pool_update(buf.tms_stime); -+ -+ memcpy(&seed_c, pool, sizeof(seed_c)); -+ } -+ -+ seed_c.base &= 0x1fff; -+ seed_c.base <<= 3; -+ seed_c.base += DIV + 3; -+ seed_c.xor &= (DIV - 1); -+ state.msb ^= 0x8000; -+ state.a = 1; -+ state.b = 1; -+ state.n = 0; -+} -+ -+/* -+ * Now, time for a puzzle. Think of division by DIV in seed_c.base. -+ * This is not as slow as it might appear: the inner loop needs only -+ * a few iterations per call, on average. -+ */ -+static unsigned int shuffle_1_next() -+{ -+ if (state.n >= DIV - 1) -+ reseed(); -+ -+ if (state.n && state.b <= state.a) { -+ do { -+ state.b = ++state.a; -+ do { -+ state.b *= seed_c.base; -+ state.b %= DIV; -+ } while (state.b > state.a); -+ } while (state.a != state.b); -+ } -+ -+ state.b *= seed_c.base; -+ state.b %= DIV; -+ state.n++; -+ -+ return state.b ^ seed_c.xor; -+} -+ -+/* -+ * The idea behind shuffle_2 is David Wagner's (any bugs are mine, -+ * of course). -+ */ -+static unsigned int shuffle_2(unsigned int x) -+{ -+ unsigned int i, sum; -+ -+ sum = 0; -+ for (i = 0; i < 8; i++) { -+ sum += 0x79b9; -+ x ^= ((unsigned int)seed_c.s[(x ^ sum) & 0x7f]) << 7; -+ x = ((x & 0xff) << 7) | (x >> 8); -+ } -+ -+ return x; -+} -+ -+/* -+ * A full 16-bit permutation. This one can't be re-seeded, but still -+ * makes some attacks quite a bit harder. -+ */ -+static unsigned int shuffle_3(unsigned int x) -+{ -+ unsigned int i, sum; -+ -+ sum = 0; -+ for (i = 0; i < 8; i++) { -+ sum += 0x79b9; -+ x ^= ((unsigned int)seed_f[(x ^ sum) & 0xff]) << 8; -+ x = ((x & 0xff) << 8) | (x >> 8); -+ } -+ -+ return x; -+} -+ -+unsigned int _shuffle_next() -+{ -+ static int initialized = 0; -+ unsigned int pid, x; -+ -+/* This isn't MT-safe, but the resolver itself isn't safe, anyway */ -+ if (!initialized) { -+ shuffle_init(); -+ initialized = 1; -+ } -+ -+/* Make sure the sequence we generate changes after fork() */ -+ pid = __getpid(); -+ -+ x = shuffle_1_next(); -+ x ^= pid & 0x7fff; -+ x = shuffle_2(x); -+ x |= state.msb; -+ x ^= (pid >> 15) & 0xffff; -+ x = shuffle_3(x); -+ -+ return x; -+} -+ -+#ifdef TEST -+int main() -+{ -+ int i; -+ -+ for (i = 0; i < 0xfffe; i++) -+ printf("%u\n", _shuffle_next()); -+ -+ return 0; -+} -+#endif diff --git a/glibc/patches/glibc-2.24-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch b/glibc/patches/glibc-2.24-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch new file mode 100644 index 0000000..102d385 --- /dev/null +++ b/glibc/patches/glibc-2.24-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch @@ -0,0 +1,84 @@ +From f160cfff59261bb661cf829fdcb5a3f391996280 Mon Sep 17 00:00:00 2001 +From: Michael Tremer michael.tremer@ipfire.org +Date: Thu, 22 Sep 2016 16:33:43 +0100 +Subject: [PATCH] Revert "Avoid an extra branch to PLT for -z now" + +This reverts commit 6901def689b5c77465d34f07822989ec67e80c1e. + +glibc won't compile on x86_64 with PIC and BIND_NOW enabled +both at the same time. + +See: https://sourceware.org/bugzilla/show_bug.cgi?id=20621 +--- + config.h.in | 3 --- + configure | 4 ---- + configure.ac | 3 --- + sysdeps/x86_64/sysdep.h | 8 ++------ + 4 files changed, 2 insertions(+), 16 deletions(-) + +diff --git a/config.h.in b/config.h.in +index 8cd08b0..f4ec748 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -94,9 +94,6 @@ + include/libc-symbols.h that avoid PLT slots in the shared objects. */ + #undef NO_HIDDEN + +-/* Define this to disable lazy relocations in DSOs. */ +-#undef BIND_NOW +- + /* AArch64 big endian ABI */ + #undef HAVE_AARCH64_BE + +diff --git a/configure b/configure +index 6ff2527..46015c9 100755 +--- a/configure ++++ b/configure +@@ -3419,10 +3419,6 @@ else + fi + + +-if test "x$bindnow" = xyes; then +- $as_echo "#define BIND_NOW 1" >>confdefs.h +- +-fi + + # Check whether --enable-static-nss was given. + if test "${enable_static_nss+set}" = set; then : +diff --git a/configure.ac b/configure.ac +index 9938ab0..d255b57 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -231,9 +231,6 @@ AC_ARG_ENABLE([bind-now], + [bindnow=$enableval], + [bindnow=no]) + AC_SUBST(bindnow) +-if test "x$bindnow" = xyes; then +- AC_DEFINE(BIND_NOW) +-fi + + dnl On some platforms we cannot use dynamic loading. We must provide + dnl static NSS modules. +diff --git a/sysdeps/x86_64/sysdep.h b/sysdeps/x86_64/sysdep.h +index 75ac747..fbe3560 100644 +--- a/sysdeps/x86_64/sysdep.h ++++ b/sysdeps/x86_64/sysdep.h +@@ -90,13 +90,9 @@ lose: \ + + #undef JUMPTARGET + #ifdef PIC +-# ifdef BIND_NOW +-# define JUMPTARGET(name) *name##@GOTPCREL(%rip) +-# else +-# define JUMPTARGET(name) name##@PLT +-# endif ++#define JUMPTARGET(name) name##@PLT + #else +-# define JUMPTARGET(name) name ++#define JUMPTARGET(name) name + #endif + + /* Local label name for asm code. */ +-- +2.7.4 + diff --git a/glibc/patches/glibc-compile-fix-for-memcpy-ssse3.patch b/glibc/patches/glibc-compile-fix-for-memcpy-ssse3.patch new file mode 100644 index 0000000..1bc1a06 --- /dev/null +++ b/glibc/patches/glibc-compile-fix-for-memcpy-ssse3.patch @@ -0,0 +1,67 @@ +diff --git a/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S b/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S +index b4890f4..4b717d9 100644 +--- a/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S ++++ b/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S +@@ -48,8 +48,10 @@ + .section .text.ssse3,"ax",@progbits + #if !defined USE_AS_MEMPCPY && !defined USE_AS_MEMMOVE + ENTRY (MEMPCPY_CHK) ++#ifdef _FORTIFY_SOURCE + cmpq %rdx, %rcx + jb HIDDEN_JUMPTARGET (__chk_fail) ++#endif + END (MEMPCPY_CHK) + + ENTRY (MEMPCPY) +@@ -61,8 +63,10 @@ END (MEMPCPY) + + #if !defined USE_AS_BCOPY + ENTRY (MEMCPY_CHK) ++#ifdef _FORTIFY_SOURCE + cmpq %rdx, %rcx + jb HIDDEN_JUMPTARGET (__chk_fail) ++#endif + END (MEMCPY_CHK) + #endif + +diff --git a/sysdeps/x86_64/multiarch/memcpy-ssse3.S b/sysdeps/x86_64/multiarch/memcpy-ssse3.S +index 1ca88c0..a2f140b 100644 +--- a/sysdeps/x86_64/multiarch/memcpy-ssse3.S ++++ b/sysdeps/x86_64/multiarch/memcpy-ssse3.S +@@ -48,8 +48,10 @@ + .section .text.ssse3,"ax",@progbits + #if !defined USE_AS_MEMPCPY && !defined USE_AS_MEMMOVE + ENTRY (MEMPCPY_CHK) ++#ifdef _FORTIFY_SOURCE + cmpq %rdx, %rcx + jb HIDDEN_JUMPTARGET (__chk_fail) ++#endif + END (MEMPCPY_CHK) + + ENTRY (MEMPCPY) +@@ -61,8 +63,10 @@ END (MEMPCPY) + + #if !defined USE_AS_BCOPY + ENTRY (MEMCPY_CHK) ++#ifdef _FORTIFY_SOURCE + cmpq %rdx, %rcx + jb HIDDEN_JUMPTARGET (__chk_fail) ++#endif + END (MEMCPY_CHK) + #endif + +diff --git a/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S b/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S +index 9687df0..2d0abee 100644 +--- a/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S ++++ b/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S +@@ -29,8 +29,10 @@ + .section .text.avx512,"ax",@progbits + #if defined PIC + ENTRY (MEMSET_CHK) ++#ifdef _FORTIFY_SOURCE + cmpq %rdx, %rcx + jb HIDDEN_JUMPTARGET (__chk_fail) ++#endif + END (MEMSET_CHK) + #endif + diff --git a/glibc/patches/glibc-fedora-include-bits-ldbl.patch b/glibc/patches/glibc-fedora-include-bits-ldbl.patch deleted file mode 100644 index 1e5d763..0000000 --- a/glibc/patches/glibc-fedora-include-bits-ldbl.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 5eb4509a6651d19c7a28c4506d6aa582c9ee095a Mon Sep 17 00:00:00 2001 -From: Jakub Jelinek jakub@redhat.com -Date: Wed, 1 Feb 2006 09:30:43 +0000 -Subject: [PATCH] 128-bit long double fixes - -* include/bits/stdlib-ldbl.h: New file. -* include/bits/wchar-ldbl.h: New file. - ---- - ChangeLog | 5 +++++ - include/bits/stdlib-ldbl.h | 1 + - include/bits/wchar-ldbl.h | 1 + - 3 files changed, 7 insertions(+), 0 deletions(-) - create mode 100644 include/bits/stdlib-ldbl.h - create mode 100644 include/bits/wchar-ldbl.h - -diff --git a/include/bits/stdlib-ldbl.h b/include/bits/stdlib-ldbl.h -new file mode 100644 -index 0000000..6250949 ---- /dev/null -+++ b/include/bits/stdlib-ldbl.h -@@ -0,0 +1 @@ -+#include <stdlib/bits/stdlib-ldbl.h> -diff --git a/include/bits/wchar-ldbl.h b/include/bits/wchar-ldbl.h -new file mode 100644 -index 0000000..29baa2f ---- /dev/null -+++ b/include/bits/wchar-ldbl.h -@@ -0,0 +1 @@ -+#include <wcsmbs/bits/wchar-ldbl.h>
hooks/post-receive -- IPFire 3.x development tree