--- gcc-3.3.2-r4.ebuild 2003-12-14 09:24:28.000000000 -0500
+++ gcc-3.3.2-r5.ebuild 2003-12-26 18:43:31.000000000 -0500
@@ -50,7 +50,7 @@ STDCXX_INCDIR="${LIBPATH}/include/g++-v$
 # ProPolice version
 PP_VER="3_3"
-PP_FVER="${PP_VER//_/.}-5"
+PP_FVER="${PP_VER//_/.}-7"
 # Patch tarball support ...
 #PATCH_VER="1.0"
@@ -172,6 +172,68 @@ version_patch() {
 epatch ${T}/${1##*/}
 }
+ssp_guard_check() {
+ set -x
+ # due to the nature of this scan and why it's done I think we might be better off writing a
+ # helper ELF app in c to address this.... Anybody made use of ELF symbol versioning yet? -solar@gentoo
+ LIBC_SO="/lib/libc.so.6"
+ if [ `use ia64` -o ! -f ${LIBC_SO} ]; then
+ # ia64 does not have a /lib/libc.so.6
+ [ -f /lib/libc.so.6.1 ] && LIBC_SO="/lib/libc.so.6.1"
+ fi
+
+ [ ! -f "${LIBC_SO}" -a -f /lib/libc-2.3.2.so ] && LIBC_SO="/lib/libc-2.3.2.so"
+
+ if [ -f "${LIBC_SO}" ]; then
+ # check for the glibc to have the guard
+ if [ -n "$(readelf -s ${LIBC_SO} | grep GLOBAL | grep OBJECT | grep __guard)" ] &&
+ [ -n "$(readelf -s ${LIBC_SO} | grep GLOBAL | grep FUNC | grep __stack_smash_handler)" ]; then
+ # Per our request ssp-3.3-7 introduces a _LIBC_PROVIDES_SSP_ compile flag option
+ # for changing the generic ssp handler from libgcc2.c
+ append-flags "-D_LIBC_PROVIDES_SSP_"
+ fi
+ fi
+
+ if [ `is-flag -D_LIBC_PROVIDES_SSP_` ] ; then
+ ewarn "This sys-libs/glibc has __guard object and __stack_smash_handler functions"
+ ewarn "scanning the system for binaries with __guard - this may take 5-10 minutes"
+ ewarn "Please do not press crtl-C or crtl-Z during this period - it will continue"
+
+ [ -r /etc/ld.so.conf ] &&
+ SO_CONF_DIRS="$(grep ^/ /etc/ld.so.conf | grep -v /usr/lib/gcc-lib|sort|uniq)" ||
+ SO_CONF_DIRS="/lib /usr/lib /usr/X11R6/lib"
+
+ for dname in ${SO_CONF_DIRS} $(echo ${PATH} | sed 's,:, ,g'|sort|uniq); do
+ if [ "$(find ${dname} -type f -perm -1 -maxdepth 2 -exec readelf -s {} \; 2>&1 | \
+ grep "__guard\@GCC" 2>&1 1>/dev/null; echo $?)" == "0" ] ; then
+ echo
+ eerror "Your system has binaries that are dynamically linked with the libgcc"
+ eerror "__guard@@GCC symbol. Gentoo is moving away from this behavior as it causes"
+ eerror "many linking problems."
+ echo
+ eerror "You need to compile these binaries without CFLAGS -fstack-protector//hcc -r"
+ echo
+ eerror "Also, you have to make sure that using ccache needs the cache to be flushed"
+ eerror "wipe out /var/tmp/ccache or /root/.ccache. This will remove possible saved"
+ eerror "-fstack-protector arguments that still may reside in such a compiler cache"
+ echo
+ eerror "When such binaries are found, gcc cannot remove libgcc propolice functions"
+ eerror "leading to gcc -static -fstack-protector breaking, see gentoo bug id 25299"
+ einfo "You can run 'qpkg -f' from the gentoolkit package and reemerge the program"
+ einfo "To do a full scan on your system, enter this following command in a shell:"
+ echo
+ einfo "find / -type f -perm -1 -maxdepth 9 -exec echo -n '__guard at GCC check in: {} ' \; -exec qpkg -f {} \; -exec readelf -s {} \; 2>&1 | grep __guard | grep -B1 '__guard\@GCC'"
+ echo
+ die "Please fix your system then re emerge ${PN}"
+ fi
+ done
+ unset SO_CONF_DIRS
+ fi
+ unset LIBC_SO
+ # end of check for the glibc to have the guard
+ set +x
+}
+
 src_unpack() {
 if [ -z "${SNAPSHOT}" ]
 then
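Review bot: In ssp_guard_check the `use ia64` command substitution inside the `[ ... -o ! -f ${LIBC_SO} ]` test is unquoted, so if it prints nothing when the flag is unset (which the test seems to assume), the expression collapses to `[ -o ! -f /lib/libc.so.6 ]`, bash reports "too many arguments", and the libc.so.6.1 fallback only ever runs on ia64. Quoting both operands keeps the test well-formed: `if [ -n "$(use ia64)" -o ! -f "${LIBC_SO}" ]; then`. Separately, the `set -x` / `set +x` pair looks like leftover debugging, and the function has no header comment. I would drop the tracing and add `# Appends -D_LIBC_PROVIDES_SSP_ when the host glibc exports __guard and __stack_smash_handler, then dies if binaries in the ld.so.conf and PATH directories still reference __guard@GCC.`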
@@ -236,41 +298,6 @@ src_unpack() {
 version_patch ${FILESDIR}/3.3.2/gcc332-gentoo-branding.patch \
 "${BRANCH_UPDATE} (Gentoo Linux ${PVR}, propolice)" \
 || die "Failed Branding"
-
- # check for the glibc to have the guard
- if [ "$(readelf -s /lib/libc.so.6 | grep GLOBAL | grep OBJECT | grep '__guard')" ] &&
- [ "$(readelf -s /lib/libc.so.6 | grep GLOBAL | grep FUNC | grep '__stack_smash_handler')" ]
- then
- ewarn "This sys-libs/glibc has __guard object and __stack_smash_handler functions"
- ewarn "scanning the system for binaries with __guard - this may take 5-10 minutes"
- ewarn "Please do not press crtl-C or crtl-Z during this period - it will continue"
- SCANPATH="$(for i in $(cat /etc/ld.so.conf | grep -v '/usr/lib/gcc-lib' | grep -v '^\#'); do echo -n $i; echo -n ' '; done) $(echo ${PATH} | sed 's,:, ,g')"
- if [ "$(find ${SCANPATH} -type f -perm -1 -maxdepth 9 -exec readelf -s {} \; 2>&1 | grep "__guard\@GCC" 2>&1 1>/dev/null; echo $?)" == "0" ]
- then
- echo
- eerror "Found binaries that are dynamically linked to the libgcc with __guard@@GCC"
- eerror "You need to compile these binaries without CFLAGS -fstack-protector/hcc -r"
- echo
- eerror "Also, you have to make sure that using ccache needs the cache to be flushed"
- eerror "wipe out /var/tmp/ccache or /root/.ccache. This will remove possible saved"
- eerror "-fstack-protector arguments that still may reside in such a compiler cache"
- echo
- eerror "When such binaries are found, gcc cannot remove libgcc propolice functions"
- eerror "leading to gcc -static -fstack-protector breaking, see gentoo bug id 25299"
- einfo "You can run 'qpkg -f' from the gentoolkit package and reemerge the program"
- einfo "To do a full scan on your system, enter this following command in a shell:"
- echo
- einfo "find / -type f -perm -1 -maxdepth 9 -exec echo -n '__guard at GCC check in: {} ' \; -exec qpkg -f {} \; -exec readelf -s {} \; 2>&1 | grep __guard | grep -B1 '__guard\@GCC'"
- echo
- exit 1
- else
- echo
- einfo "No binaries with suspicious libgcc __guard@GCC dependencies in ${SCANPATH}"
- echo
- epatch ${FILESDIR}/3.2.3/gcc-3.2.3-move-propolice-into-glibc.patch
- fi
- fi
- # end of check for the glibc to have the guard
 fi
 # Install our pre generated manpages if we do not have perl ...
@@ -283,6 +310,9 @@ src_unpack() {
 cp -a ${S}/libstdc++-v3/config/cpu/i{4,3}86/atomicity.h
 cd ${S}; ./contrib/gcc_update --touch &> /dev/null
+
+ # after all patching we add the final ssp branding (Dec 26 2003) -solar@gentoo
+ sed -i -e s:"propolice)":"propolice-${PP_FVER})":g gcc/version.c
 }
 src_compile() {
@@ -333,6 +363,11 @@ src_compile() {
 myconf="${myconf} --disable-multilib"
 fi
+ ssp_guard_check
+ if [ ! `is-flag -D_LIBC_PROVIDES_SSP_` ] ; then
+ die "Odd... No -D_LIBC_PROVIDES_SSP defined. Please upgrade your glibc first."
+ fi
+
 # Fix linking problem with c++ apps which where linkedi
 # agains a 3.2.2 libgcc
 [ "${ARCH}" = "hppa" ] && myconf="${myconf} --enable-sjlj-exceptions"
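Review bot: The added `sed -i` on gcc/version.c at the end of src_unpack is never checked, and sed exits successfully even when `propolice)` does not occur in the file, so a tree where the branding text is missing or different would silently build without the ProPolice patch level in its version string. That string is how someone later tells which SSP revision a compiler carries, so the step should fail loudly, for example with `grep -q "propolice-${PP_FVER})" gcc/version.c || die "Failed ssp branding"` on the following line. src_unpack begins before this hunk, so I cannot confirm that the branding patch is applied on every path that reaches the sed.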
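Review bot: The `die` after `ssp_guard_check` blames glibc for every case where the flag is missing, but the function as added in this patch also leaves the flag unset when none of its three hard-coded libc paths exists or when `readelf` yields no output, so "upgrade your glibc" can be the wrong advice. The message also spells the flag as `-D_LIBC_PROVIDES_SSP`, without the trailing underscore used everywhere else. I would reword it to `die "-D_LIBC_PROVIDES_SSP_ not set: libc not found, readelf failed, or glibc lacks __guard/__stack_smash_handler"`. The call also puts a multi-minute filesystem scan in src_compile, after unpacking and patching are done; if the phase ordering allows it, running the check earlier would fail before that work is spent. src_compile starts and ends outside this hunk.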