diff options
Diffstat (limited to 'community/glibc-static/PKGBUILD')
-rw-r--r-- | community/glibc-static/PKGBUILD | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/community/glibc-static/PKGBUILD b/community/glibc-static/PKGBUILD new file mode 100644 index 000000000..cff060a60 --- /dev/null +++ b/community/glibc-static/PKGBUILD @@ -0,0 +1,122 @@ +# $Id: PKGBUILD 197798 2013-10-30 10:37:54Z allan $ +# Maintainer: Allan McRae <allan@archlinux.org> + +# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc +# NOTE: valgrind requires rebuilt with each major glibc version + +# NOTE: adjust version in install script when locale files are updated + +pkgname=glibc-static +pkgver=2.18 +pkgrel=1 +pkgdesc="GNU C Library" +arch=('i686' 'x86_64') +url="http://www.gnu.org/software/libc" +license=('GPL' 'LGPL') +groups=('base') +depends=('linux-api-headers>=3.7' 'tzdata' 'filesystem>=2013.01') +makedepends=('gcc>=4.7') +options=('!strip' 'staticlibs') +source=(http://ftp.gnu.org/gnu/libc/glibc-${pkgver}.tar.xz{,.sig} + glibc-2.18-make-4.patch + glibc-2.18-readdir_r-CVE-2013-4237.patch + glibc-2.18-malloc-corrupt-CVE-2013-4332.patch + glibc-2.18-strcoll-CVE-2012-4412+4424.patch + glibc-2.18-ptr-mangle-CVE-2013-4788.patch + glibc-2.18-getaddrinfo-CVE-2013-4458.patch + glibc-2.18-getaddrinfo-assertion.patch + glibc-2.18-strstr-hackfix.patch) +md5sums=('88fbbceafee809e82efd52efa1e3c58f' + 'SKIP' + 'e1883c2d1b01ff73650db5f5bb5a5a52' + '154da6bf5a5248f42a7bf5bf08e01a47' + 'b79561ab9dce900e9bbeaf0d49927c2b' + 'c7264b99d0f7e51922a4d3126182c40a' + '9749ba386b08a8fe53e7ecede9bf2dfb' + '71329fccb8eb583fb0d67b55f1e8df68' + 'd4d86add33f22125777e0ecff06bc9bb' + '4441f6dfe7d75ced1fa75e54dd21d36e') + +prepare() { + cd ${srcdir}/glibc-${pkgver} + + # compatibility with make-4.0 (submitted upstream) + patch -p1 -i $srcdir/glibc-2.18-make-4.patch + + # upstream commit 91ce4085 + patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch + + # upstream commits 1159a193, 55e17aad and b73ed247 + patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch + + # upstream commits 1326ba1a, 141f3a77 and 303e567a + patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch + + # upstream commits c61b4d41 and 0b1f8e35 + patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch + + # upstream commit 7cbcdb36 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-CVE-2013-4458.patch + + # upstream commit 894f3f10 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch + + # hack fix for strstr issues on x86 + patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch + + mkdir ${srcdir}/glibc-build +} + +build() { + cd ${srcdir}/glibc-build + + if [[ ${CARCH} = "i686" ]]; then + # Hack to fix NPTL issues with Xen, only required on 32bit platforms + # TODO: make separate glibc-xen package for i686 + export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs" + fi + + echo "slibdir=/usr/lib" >> configparms + echo "sbindir=/usr/bin" >> configparms + echo "rootsbindir=/usr/bin" >> configparms + + # remove hardening options for building libraries + CFLAGS=${CFLAGS/-fstack-protector/} + CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/} + + ${srcdir}/glibc-${pkgver}/configure --prefix=/usr \ + --libdir=/usr/lib --libexecdir=/usr/lib \ + --with-headers=/usr/include \ + --with-bugurl=https://bugs.archlinux.org/ \ + --enable-add-ons=nptl,libidn \ + --enable-obsolete-rpc \ + --enable-kernel=2.6.32 \ + --enable-bind-now --disable-profile \ + --enable-stackguard-randomization \ + --enable-lock-elision \ + --enable-multi-arch + + # build libraries with hardening disabled + echo "build-programs=no" >> configparms + make + + # re-enable hardening for programs + sed -i "/build-programs=/s#no#yes#" configparms + echo "CC += -fstack-protector -D_FORTIFY_SOURCE=2" >> configparms + echo "CXX += -fstack-protector -D_FORTIFY_SOURCE=2" >> configparms + make + + # remove harding in preparation to run test-suite + sed -i '4,6d' configparms +} + +package() { + cd ${srcdir}/glibc-build + make install_root=${pkgdir} install + rm -rf $pkgdir/usr/{bin,include,share,lib/{pkgconfig,audit,gconv,getconf}} + rm -rf $pkgdir/{etc,var} + rm -f $pkgdir/usr/lib/*.so* + rm -f $pkgdir/usr/lib/*.o + rm -f $pkgdir/usr/lib/lib{bsd-compat,c,c_nonshared,dl,g,ieee,m,mcheck,pthread,pthread_nonshared,rpcsvc}.a + strip $STRIP_STATIC $pkgdir/usr/lib/*.a +} |