core/glibc/PKGBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199

# $Id: PKGBUILD 201557 2013-12-15 06:41:32Z allan $
# Maintainer: Allan McRae <allan@archlinux.org>

# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
# NOTE: valgrind requires rebuilt with each major glibc version

# NOTE: adjust version in install script when locale files are updated

pkgname=glibc
pkgver=2.18
pkgrel=11
pkgdesc="GNU C Library"
arch=('i686' 'x86_64' 'mips64el')
url="http://www.gnu.org/software/libc"
license=('GPL' 'LGPL')
groups=('base')
depends=('linux-api-headers>=3.7' 'tzdata' 'filesystem>=2013.01')
makedepends=('gcc>=4.7')
backup=(etc/gai.conf
        etc/locale.gen
        etc/nscd.conf)
options=('!strip' 'staticlibs')
install=glibc.install
source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
        glibc-2.18-make-4.patch
        glibc-2.18-readdir_r-CVE-2013-4237.patch
        glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
        glibc-2.18-strcoll-CVE-2012-4412+4424.patch
        glibc-2.18-ptr-mangle-CVE-2013-4788.patch
        glibc-2.18-getaddrinfo-CVE-2013-4458.patch
        glibc-2.18-getaddrinfo-assertion.patch
        glibc-2.18-scanf-parse-0e-0.patch
        glibc-2.18-strstr-hackfix.patch
        nscd.service
        nscd.tmpfiles
        locale.gen.txt
        locale-gen)
md5sums=('88fbbceafee809e82efd52efa1e3c58f'
         'SKIP'
         'e1883c2d1b01ff73650db5f5bb5a5a52'
         '154da6bf5a5248f42a7bf5bf08e01a47'
         'b79561ab9dce900e9bbeaf0d49927c2b'
         'c7264b99d0f7e51922a4d3126182c40a'
         '9749ba386b08a8fe53e7ecede9bf2dfb'
         '71329fccb8eb583fb0d67b55f1e8df68'
         'd4d86add33f22125777e0ecff06bc9bb'
         '01d19fe9b2aea489cf5651530e0369f2'
         '4441f6dfe7d75ced1fa75e54dd21d36e'
         'd5fab2cd3abea65aa5ae696ea4a47d6b'
         'da662ca76e7c8d7efbc7986ab7acea2d'
         '07ac979b6ab5eeb778d55f041529d623'
         'b5fd017036fb91199ee76f670da8c15b')

prepare() {
  cd ${srcdir}/${pkgname}-${pkgver}

  # compatibility with make-4.0 (submitted upstream)
  patch -p1 -i $srcdir/glibc-2.18-make-4.patch

  # upstream commit 91ce4085
  patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch

  # upstream commits 1159a193, 55e17aad and b73ed247
  patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch

  # upstream commits 1326ba1a, 141f3a77 and 303e567a
  patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch

  # upstream commits c61b4d41 and 0b1f8e35
  patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch

  # upstream commit 7cbcdb36
  patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-CVE-2013-4458.patch

  # upstream commit 894f3f10
  patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch

  # upstream commit a4966c61
  patch -p1 -i $srcdir/glibc-2.18-scanf-parse-0e-0.patch

  # hack fix for strstr issues on x86
  patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch

  mkdir ${srcdir}/glibc-build
}

build() {
  cd ${srcdir}/glibc-build

  # on mips64el it fails with
  # configure: error: --enable-multi-arch support requires assembler and linker support
  extra=" --enable-multi-arch"

  if [[ ${CARCH} = "i686" ]]; then
    # Hack to fix NPTL issues with Xen, only required on 32bit platforms
    # TODO: make separate glibc-xen package for i686
    export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
  elif [[ ${CARCH} = "mips64el" ]]; then
    # mips64el is only supported in ports.
    extra_addons=",ports"
    unset extra
  fi

  echo "slibdir=/usr/lib" >> configparms
  echo "sbindir=/usr/bin" >> configparms
  echo "rootsbindir=/usr/bin" >> configparms

  # remove hardening options for building libraries
  CFLAGS=${CFLAGS/-fstack-protector/}
  CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}

  ${srcdir}/${pkgname}-${pkgver}/configure --prefix=/usr \
      --host=${CHOST} --build=${CHOST} \
      --libdir=/usr/lib --libexecdir=/usr/lib \
      --with-headers=/usr/include \
      --with-bugurl=https://labs.parabola.nu/ \
      --enable-add-ons=nptl,libidn$extra_addons \
      --enable-obsolete-rpc \
      --enable-kernel=2.6.32 \
      --enable-bind-now --disable-profile \
      --enable-stackguard-randomization \
      --enable-lock-elision $extra

  # build libraries with hardening disabled
  echo "build-programs=no" >> configparms
  make
  
  # re-enable hardening for programs
  sed -i "/build-programs=/s#no#yes#" configparms
  echo "CC += -fstack-protector -D_FORTIFY_SOURCE=2" >> configparms
  echo "CXX += -fstack-protector -D_FORTIFY_SOURCE=2" >> configparms
  make

  # remove harding in preparation to run test-suite
  sed -i '4,6d' configparms
}

check() {
  # Known to fail on mips64el.
  if [ "$CARCH" != "mips64el" ]; then
  # the linker commands need to be reordered - fixed in 2.19
  LDFLAGS=${LDFLAGS/--as-needed,/}

  cd ${srcdir}/glibc-build
  make check
  fi
}

package() {
  cd ${srcdir}/glibc-build

  install -dm755 ${pkgdir}/etc
  touch ${pkgdir}/etc/ld.so.conf

  make install_root=${pkgdir} install

  rm -f ${pkgdir}/etc/ld.so.{cache,conf}

  install -dm755 ${pkgdir}/usr/lib/{locale,systemd/system,tmpfiles.d}

  install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.conf ${pkgdir}/etc/nscd.conf
  install -m644 ${srcdir}/nscd.service ${pkgdir}/usr/lib/systemd/system
  install -m644 ${srcdir}/nscd.tmpfiles ${pkgdir}/usr/lib/tmpfiles.d/nscd.conf

  install -m644 ${srcdir}/${pkgname}-${pkgver}/posix/gai.conf ${pkgdir}/etc/gai.conf

  install -m755 ${srcdir}/locale-gen ${pkgdir}/usr/bin

  # create /etc/locale.gen
  install -m644 ${srcdir}/locale.gen.txt ${pkgdir}/etc/locale.gen
  sed -e '1,3d' -e 's|/| |g' -e 's|\\| |g' -e 's|^|#|g' \
    ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen

  # remove the static libraries that have a shared counterpart
  # note: keep libc, libdl, libm, libpthread for binutils testsuite
  rm $pkgdir/usr/lib/lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a

  # Do not strip the following files for improved debugging support
  # ("improved" as in not breaking gdb and valgrind...):
  #   ld-${pkgver}.so
  #   libc-${pkgver}.so
  #   libpthread-${pkgver}.so
  #   libthread_db-1.0.so

  cd $pkgdir
  strip $STRIP_BINARIES usr/bin/{gencat,getconf,getent,iconv,iconvconfig} \
                        usr/bin/{ldconfig,locale,localedef,nscd,makedb} \
                        usr/bin/{pcprofiledump,pldd,rpcgen,sln,sprof} \
                        usr/lib/getconf/*
  [[ $CARCH = "i686" ]] && strip $STRIP_BINARIES usr/bin/lddlibc4

  strip $STRIP_STATIC usr/lib/*.a

  strip $STRIP_SHARED usr/lib/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \
                      usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
                      usr/lib/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
                      usr/lib/{libmemusage,libpcprofile,libSegFault}.so \
                      usr/lib/{audit,gconv}/*.so
}