2013-06-30 21:29:11 +02:00
|
|
|
################################################################################
|
|
|
|
#
|
2016-06-08 23:40:56 +02:00
|
|
|
# glibc
|
2013-06-30 21:29:11 +02:00
|
|
|
#
|
|
|
|
################################################################################
|
|
|
|
|
2017-10-10 15:31:50 +02:00
|
|
|
ifeq ($(BR2_arc),y)
|
2017-11-01 15:04:31 +01:00
|
|
|
GLIBC_VERSION = arc-2017.09-release
|
2017-10-10 15:31:50 +02:00
|
|
|
GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VERSION))
|
|
|
|
else
|
2017-10-29 10:52:48 +01:00
|
|
|
# Generate version string using:
|
|
|
|
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
|
glibc: security bump to the latest 2.26 branch
List of fixes from the 2.26 branch NEWS files:
CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
suffered from a one-byte overflow during ~ operator processing (either
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
would sometimes fail to free memory allocated during ~ operator
processing, leading to a memory leak and, potentially, to a denial
of service.
CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.
CVE-2017-17426: The malloc function, when called with an object size near
the value SIZE_MAX, would return a pointer to a buffer which is too small,
instead of NULL. This was a regression introduced with the new malloc
thread cache in glibc 2.26. Reported by Iain Buclaw.
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 08:12:56 +01:00
|
|
|
GLIBC_VERSION = glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40
|
2017-10-29 10:52:48 +01:00
|
|
|
# Upstream doesn't officially provide an https download link.
|
|
|
|
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
|
|
|
|
# sometimes the connection times out. So use an unofficial github mirror.
|
|
|
|
# When updating the version, check it on the official repository;
|
|
|
|
# *NEVER* decide on a version string by looking at the mirror.
|
|
|
|
# Then check that the mirror has been synced already (happens once a day.)
|
package/glibc: switch to downloading a tarball
Currently, we do a full git clone of the repository, which takes quite
some time, especially on slow networks.
This was done like that because the initial patch was using the official
repository as the source of the download, and that repository did not
offer remotely-generated tarballs.
But now we've switched to using a mirror on github, which does provide
such a tarball, which provides faster downloads.
Use that.
However, the tarball from github differs from the one we were generating
locally, because the paths inside are different. WE used to create a
archive with paths starting with glibc-glibc-2.26-73-g4b692dfb95[...],
while github does away with the git-describe prefix, and generates paths
that start with just glibc-4b692dffb95[...]. The content are exactly
identicall (checked with a diff), though.
Update the hash accordingly.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-13 22:30:17 +01:00
|
|
|
GLIBC_SITE = $(call github,bminor,glibc,$(GLIBC_VERSION))
|
2017-10-10 15:31:50 +02:00
|
|
|
endif
|
|
|
|
|
2013-09-02 18:06:33 +02:00
|
|
|
GLIBC_SRC_SUBDIR = .
|
|
|
|
|
2017-03-30 15:43:38 +02:00
|
|
|
GLIBC_LICENSE = GPL-2.0+ (programs), LGPL-2.1+, BSD-3-Clause, MIT (library)
|
2013-09-02 18:06:33 +02:00
|
|
|
GLIBC_LICENSE_FILES = $(addprefix $(GLIBC_SRC_SUBDIR)/,COPYING COPYING.LIB LICENSES)
|
2013-06-30 21:29:11 +02:00
|
|
|
|
2014-02-14 10:55:04 +01:00
|
|
|
# glibc is part of the toolchain so disable the toolchain dependency
|
|
|
|
GLIBC_ADD_TOOLCHAIN_DEPENDENCY = NO
|
|
|
|
|
2016-06-08 23:40:54 +02:00
|
|
|
# Before glibc is configured, we must have the first stage
|
2013-06-30 21:29:11 +02:00
|
|
|
# cross-compiler and the kernel headers
|
2013-10-08 20:16:58 +02:00
|
|
|
GLIBC_DEPENDENCIES = host-gcc-initial linux-headers host-gawk
|
2013-06-30 21:29:11 +02:00
|
|
|
|
2013-09-02 18:06:33 +02:00
|
|
|
GLIBC_SUBDIR = build
|
2013-06-30 21:29:11 +02:00
|
|
|
|
2013-09-02 18:06:33 +02:00
|
|
|
GLIBC_INSTALL_STAGING = YES
|
2013-06-30 21:29:11 +02:00
|
|
|
|
2014-09-27 21:32:41 +02:00
|
|
|
GLIBC_INSTALL_STAGING_OPTS = install_root=$(STAGING_DIR) install
|
2013-06-30 21:29:11 +02:00
|
|
|
|
2013-07-19 15:06:32 +02:00
|
|
|
# Thumb build is broken, build in ARM mode
|
|
|
|
ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
|
2013-09-02 18:06:33 +02:00
|
|
|
GLIBC_EXTRA_CFLAGS += -marm
|
2013-07-19 15:06:32 +02:00
|
|
|
endif
|
|
|
|
|
2013-09-25 17:00:57 +02:00
|
|
|
# MIPS64 defaults to n32 so pass the correct -mabi if
|
|
|
|
# we are using a different ABI. OABI32 is also used
|
|
|
|
# in MIPS so we pass -mabi=32 in this case as well
|
|
|
|
# even though it's not strictly necessary.
|
|
|
|
ifeq ($(BR2_MIPS_NABI64),y)
|
|
|
|
GLIBC_EXTRA_CFLAGS += -mabi=64
|
|
|
|
else ifeq ($(BR2_MIPS_OABI32),y)
|
|
|
|
GLIBC_EXTRA_CFLAGS += -mabi=32
|
|
|
|
endif
|
|
|
|
|
2015-01-01 11:16:43 +01:00
|
|
|
ifeq ($(BR2_ENABLE_DEBUG),y)
|
|
|
|
GLIBC_EXTRA_CFLAGS += -g
|
|
|
|
endif
|
|
|
|
|
2013-10-08 20:16:59 +02:00
|
|
|
# The stubs.h header is not installed by install-headers, but is
|
|
|
|
# needed for the gcc build. An empty stubs.h will work, as explained
|
|
|
|
# in http://gcc.gnu.org/ml/gcc/2002-01/msg00900.html. The same trick
|
|
|
|
# is used by Crosstool-NG.
|
|
|
|
ifeq ($(BR2_TOOLCHAIN_BUILDROOT_GLIBC),y)
|
|
|
|
define GLIBC_ADD_MISSING_STUB_H
|
|
|
|
mkdir -p $(STAGING_DIR)/usr/include/gnu
|
|
|
|
touch $(STAGING_DIR)/usr/include/gnu/stubs.h
|
|
|
|
endef
|
|
|
|
endif
|
|
|
|
|
2013-06-30 21:29:11 +02:00
|
|
|
# Even though we use the autotools-package infrastructure, we have to
|
|
|
|
# override the default configure commands for several reasons:
|
|
|
|
#
|
|
|
|
# 1. We have to build out-of-tree, but we can't use the same
|
|
|
|
# 'symbolic link to configure' used with the gcc packages.
|
|
|
|
#
|
|
|
|
# 2. We have to execute the configure script with bash and not sh.
|
|
|
|
#
|
2013-08-06 12:46:14 +02:00
|
|
|
# Note that as mentionned in
|
2016-06-08 23:40:56 +02:00
|
|
|
# http://patches.openembedded.org/patch/38849/, glibc must be
|
2013-09-02 18:06:33 +02:00
|
|
|
# built with -O2, so we pass our own CFLAGS and CXXFLAGS below.
|
|
|
|
define GLIBC_CONFIGURE_CMDS
|
2013-06-30 21:29:11 +02:00
|
|
|
mkdir -p $(@D)/build
|
|
|
|
# Do the configuration
|
|
|
|
(cd $(@D)/build; \
|
|
|
|
$(TARGET_CONFIGURE_OPTS) \
|
2013-09-02 18:06:33 +02:00
|
|
|
CFLAGS="-O2 $(GLIBC_EXTRA_CFLAGS)" CPPFLAGS="" \
|
|
|
|
CXXFLAGS="-O2 $(GLIBC_EXTRA_CFLAGS)" \
|
|
|
|
$(SHELL) $(@D)/$(GLIBC_SRC_SUBDIR)/configure \
|
2013-06-30 21:29:11 +02:00
|
|
|
ac_cv_path_BASH_SHELL=/bin/bash \
|
|
|
|
libc_cv_forced_unwind=yes \
|
toolchain: switch to a two stage gcc build
Currently, the internal toolchain backend does a three stage gcc
build, with the following sequence of builds:
- build gcc-initial
- configure libc, install headers and start files
- build gcc-intermediate
- build libc
- build gcc-final
However, it turns out that this is not necessary, and only a two stage
gcc build is needed. At some point, it was believed that a three stage
gcc build was needed for NPTL based toolchains with old gcc versions,
but even a gcc 4.4 build with a NPTL toolchain works fine.
So, this commit switches the internal toolchain backend to use a two
stage gcc build: just gcc-initial and gcc-final. It does so by:
* Removing the custom dependency of all C libraries build step to
host-gcc-intermediate. Now the C library packages simply have to
depend on host-gcc-initial as a normal dependency (which they
already do), and that's it.
* Build and install both gcc *and* libgcc in
host-gcc-initial. Previously, only gcc was built and installed in
host-gcc-initial. libgcc was only done in host-gcc-intermediate,
but now we need libgcc to build the C library.
* Pass appropriate environment variables to get SSP (Stack Smashing
Protection) to work properly:
- Tell the compiler that the libc will provide the SSP support, by
passing gcc_cv_libc_provides_ssp=yes. In Buildroot, we have
chosen to use the SSP support from the C library instead of the
SSP support from the compiler (this is not changed by this patch
series, it was already the case).
- Tell glibc to *not* build its own programs with SSP support. The
issue is that if glibc detects that the compiler supports
-fstack-protector, then glibc uses it to build a few things with
SSP. However, at this point, the support is not complete (we
only have host-gcc-initial, and the C library is not completely
built). So, we pass libc_cv_ssp=no to tell the C library to not
use SSP support itself. Note that this is not a big loss: only a
few parts of the C library were built with -fstack-protector,
not the entire library.
* A special change is needed for ARC, because its libgcc depends on
the C library, which breaks building libgcc in
host-gcc-initial. This looks like a bug in the ARC compiler, as it
does not obey the inhibit_libc variable which tells the compiler
build process to *not* enable things that depend on the C
library. So for now, in host-gcc-initial, we simply disable the
build of libgmon.a for ARC. It's going to be built as part of
host-gcc-final, so the final compiler will have gmon support.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-14 11:49:59 +02:00
|
|
|
libc_cv_ssp=no \
|
2013-06-30 21:29:11 +02:00
|
|
|
--target=$(GNU_TARGET_NAME) \
|
|
|
|
--host=$(GNU_TARGET_NAME) \
|
|
|
|
--build=$(GNU_HOST_NAME) \
|
|
|
|
--prefix=/usr \
|
|
|
|
--enable-shared \
|
|
|
|
$(if $(BR2_SOFT_FLOAT),--without-fp,--with-fp) \
|
2015-03-18 23:01:09 +01:00
|
|
|
$(if $(BR2_x86_64),--enable-lock-elision) \
|
2013-06-30 21:29:11 +02:00
|
|
|
--with-pkgversion="Buildroot" \
|
|
|
|
--without-cvs \
|
|
|
|
--disable-profile \
|
|
|
|
--without-gd \
|
|
|
|
--enable-obsolete-rpc \
|
2016-01-28 04:51:23 +01:00
|
|
|
--enable-kernel=$(call qstrip,$(BR2_TOOLCHAIN_HEADERS_AT_LEAST)) \
|
2013-06-30 21:29:11 +02:00
|
|
|
--with-headers=$(STAGING_DIR)/usr/include)
|
2013-10-08 20:16:59 +02:00
|
|
|
$(GLIBC_ADD_MISSING_STUB_H)
|
2013-06-30 21:29:11 +02:00
|
|
|
endef
|
|
|
|
|
|
|
|
#
|
|
|
|
# We also override the install to target commands since we only want
|
|
|
|
# to install the libraries, and nothing more.
|
|
|
|
#
|
|
|
|
|
2013-09-02 18:06:33 +02:00
|
|
|
GLIBC_LIBS_LIB = \
|
2017-02-24 10:03:07 +01:00
|
|
|
ld*.so.* libanl.so.* libc.so.* libcrypt.so.* libdl.so.* libgcc_s.so.* \
|
|
|
|
libm.so.* libnsl.so.* libpthread.so.* libresolv.so.* librt.so.* \
|
|
|
|
libutil.so.* libnss_files.so.* libnss_dns.so.* libmvec.so.*
|
2013-06-30 21:29:11 +02:00
|
|
|
|
2013-10-29 21:54:02 +01:00
|
|
|
ifeq ($(BR2_PACKAGE_GDB),y)
|
2013-10-08 20:17:06 +02:00
|
|
|
GLIBC_LIBS_LIB += libthread_db.so.*
|
2013-06-30 21:29:11 +02:00
|
|
|
endif
|
|
|
|
|
2013-09-02 18:06:33 +02:00
|
|
|
define GLIBC_INSTALL_TARGET_CMDS
|
2017-02-07 22:56:48 +01:00
|
|
|
for libpattern in $(GLIBC_LIBS_LIB); do \
|
|
|
|
$(call copy_toolchain_lib_root,$$libpattern) ; \
|
2013-06-30 21:29:11 +02:00
|
|
|
done
|
|
|
|
endef
|
|
|
|
|
|
|
|
$(eval $(autotools-package))
|