1 files changed, 122 insertions, 0 deletions
diff --git a/community/glibc-static/PKGBUILD b/community/glibc-static/PKGBUILD
new file mode 100644
index 000000000..cff060a60
--- /dev/null
+++ b/community/glibc-static/PKGBUILD
@@ -0,0 +1,122 @@
+# $Id: PKGBUILD 197798 2013-10-30 10:37:54Z allan $
+# Maintainer: Allan McRae <allan@archlinux.org>
+
+# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
+# NOTE: valgrind requires rebuilt with each major glibc version
+
+# NOTE: adjust version in install script when locale files are updated
+
+pkgname=glibc-static
+pkgver=2.18
+pkgrel=1
+pkgdesc="GNU C Library"
+arch=('i686' 'x86_64')
+url="http://www.gnu.org/software/libc"
+license=('GPL' 'LGPL')
+groups=('base')
+depends=('linux-api-headers>=3.7' 'tzdata' 'filesystem>=2013.01')
+makedepends=('gcc>=4.7')
+options=('!strip' 'staticlibs')
+source=(http://ftp.gnu.org/gnu/libc/glibc-${pkgver}.tar.xz{,.sig}
+        glibc-2.18-make-4.patch
+        glibc-2.18-readdir_r-CVE-2013-4237.patch
+        glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
+        glibc-2.18-strcoll-CVE-2012-4412+4424.patch
+        glibc-2.18-ptr-mangle-CVE-2013-4788.patch
+        glibc-2.18-getaddrinfo-CVE-2013-4458.patch
+        glibc-2.18-getaddrinfo-assertion.patch
+        glibc-2.18-strstr-hackfix.patch)
+md5sums=('88fbbceafee809e82efd52efa1e3c58f'
+         'SKIP'
+         'e1883c2d1b01ff73650db5f5bb5a5a52'
+         '154da6bf5a5248f42a7bf5bf08e01a47'
+         'b79561ab9dce900e9bbeaf0d49927c2b'
+         'c7264b99d0f7e51922a4d3126182c40a'
+         '9749ba386b08a8fe53e7ecede9bf2dfb'
+         '71329fccb8eb583fb0d67b55f1e8df68'
+         'd4d86add33f22125777e0ecff06bc9bb'
+         '4441f6dfe7d75ced1fa75e54dd21d36e')
+
+prepare() {
+  cd ${srcdir}/glibc-${pkgver}
+
+  # compatibility with make-4.0 (submitted upstream)
+  patch -p1 -i $srcdir/glibc-2.18-make-4.patch
+
+  # upstream commit 91ce4085
+  patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch
+
+  # upstream commits 1159a193, 55e17aad and b73ed247
+  patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
+
+  # upstream commits 1326ba1a, 141f3a77 and 303e567a
+  patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch
+
+  # upstream commits c61b4d41 and 0b1f8e35
+  patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch
+
+  # upstream commit 7cbcdb36
+  patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-CVE-2013-4458.patch
+
+  # upstream commit 894f3f10
+  patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch
+
+  # hack fix for strstr issues on x86
+  patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch
+
+  mkdir ${srcdir}/glibc-build
+}
+
+build() {
+  cd ${srcdir}/glibc-build
+
+  if [[ ${CARCH} = "i686" ]]; then
+    # Hack to fix NPTL issues with Xen, only required on 32bit platforms
+    # TODO: make separate glibc-xen package for i686
+    export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
+  fi
+
+  echo "slibdir=/usr/lib" >> configparms
+  echo "sbindir=/usr/bin" >> configparms
+  echo "rootsbindir=/usr/bin" >> configparms
+
+  # remove hardening options for building libraries
+  CFLAGS=${CFLAGS/-fstack-protector/}
+  CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
+
+  ${srcdir}/glibc-${pkgver}/configure --prefix=/usr \
+      --libdir=/usr/lib --libexecdir=/usr/lib \
+      --with-headers=/usr/include \
+      --with-bugurl=https://bugs.archlinux.org/ \
+      --enable-add-ons=nptl,libidn \
+      --enable-obsolete-rpc \
+      --enable-kernel=2.6.32 \
+      --enable-bind-now --disable-profile \
+      --enable-stackguard-randomization \
+      --enable-lock-elision \
+      --enable-multi-arch
+
+  # build libraries with hardening disabled
+  echo "build-programs=no" >> configparms
+  make
+
+  # re-enable hardening for programs
+  sed -i "/build-programs=/s#no#yes#" configparms
+  echo "CC += -fstack-protector -D_FORTIFY_SOURCE=2" >> configparms
+  echo "CXX += -fstack-protector -D_FORTIFY_SOURCE=2" >> configparms
+  make
+
+  # remove harding in preparation to run test-suite
+  sed -i '4,6d' configparms
+}
+
+package() {
+  cd ${srcdir}/glibc-build
+  make install_root=${pkgdir} install
+  rm -rf $pkgdir/usr/{bin,include,share,lib/{pkgconfig,audit,gconv,getconf}}
+  rm -rf $pkgdir/{etc,var}
+  rm -f $pkgdir/usr/lib/*.so*
+  rm -f $pkgdir/usr/lib/*.o
+  rm -f $pkgdir/usr/lib/lib{bsd-compat,c,c_nonshared,dl,g,ieee,m,mcheck,pthread,pthread_nonshared,rpcsvc}.a
+  strip $STRIP_STATIC $pkgdir/usr/lib/*.a
+}