misc pax/grsec fixes from peter mazinger

3 files changed, 23 insertions, 4 deletions

diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index 66067b50e6d2..1afd91e8182e 100644
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,6 +1,9 @@
 # ChangeLog for sys-libs/glibc
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.158 2004/05/30 01:32:38 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.159 2004/05/30 15:03:30 lv Exp $
+
+  30 May 2004; Travis Tilley <lv@gentoo.org> glibc-2.3.3_pre20040529.ebuild:
+  misc pax/grsec fixes from peter mazinger
 
 *glibc-2.3.3_pre20040529 (29 May 2004)
 
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
index 000908341a5a..e9c4ecc69301 100644
--- a/sys-libs/glibc/Manifest
+++ b/sys-libs/glibc/Manifest
@@ -3,12 +3,12 @@ MD5 37180d536733ae205d0db321571cd5ca glibc-2.3.3_pre20040117-r1.ebuild 19232
 MD5 6ac96ce0f33c3d794730111609c45576 glibc-2.3.2-r3.ebuild 17308
 MD5 40b73d3cb79e611b0b6a3385f1601e32 glibc-2.3.3_pre20040207.ebuild 19594
 MD5 c09629c691d99b48b52e8ee8083cd1da glibc-2.3.3_pre20031210.ebuild 19015
-MD5 44df130c5fdc847224c7c25ed2251eea glibc-2.3.3_pre20040529.ebuild 20163
+MD5 64e80cf84ff437267a22734b7a94d0cb glibc-2.3.3_pre20040529.ebuild 21155
 MD5 081030d4ac6e9b8879727089b52b28fd glibc-2.3.2-r10.ebuild 19418
 MD5 03c72a7da4b62b7c73dbb67b70252a20 glibc-2.3.3_pre20040117.ebuild 18526
 MD5 6ae51bfd7e5cc6af9b1ea678354a8760 glibc-2.3.2-r2.ebuild 17968
 MD5 c1f9466ec8250dd47beb7a71f7c536fe glibc-2.3.1-r5.ebuild 10719
-MD5 169f79e8cab73a014634eec748cd0d50 ChangeLog 32230
+MD5 9cfe0a85f216383c172ee53ed3bf6dd8 ChangeLog 32351
 MD5 8e0c5284b715af1e90ed2c0e2184599c glibc-2.3.3_pre20040420.ebuild 19887
 MD5 567094e03359ffc1c95af7356395228d metadata.xml 162
 MD5 b141dc6e9c4183e869f6d95f0f015b99 glibc-2.2.5-r9.ebuild 10002
diff --git a/sys-libs/glibc/glibc-2.3.3_pre20040529.ebuild b/sys-libs/glibc/glibc-2.3.3_pre20040529.ebuild
index ebf8c24bee74..142ca6d672e6 100644
--- a/sys-libs/glibc/glibc-2.3.3_pre20040529.ebuild
+++ b/sys-libs/glibc/glibc-2.3.3_pre20040529.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.3_pre20040529.ebuild,v 1.2 2004/05/30 02:15:00 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.3_pre20040529.ebuild,v 1.3 2004/05/30 15:03:30 lv Exp $
 
 IUSE="nls pic build nptl erandom"
 
@@ -439,6 +439,20 @@ src_unpack() {
 
 	# Fix permissions on some of the scripts
 	chmod u+x ${S}/scripts/*.sh
+
+	# disable -z relro
+	use hardened || sed -e 's/^have-z-relro.*/have-z-relro = no/' -i ${S}/config.make.in
+	# disables building nscd as pie
+	use hardened || sed -e 's/^have-fpie.*/have-fpie = no/' -i ${S}/config.make.in
+	# disable binutils -as-needed, useful, if glibc should not depend on libgcc_s.so
+	sed -e 's/^have-as-needed.*/have-as-needed = no/' -i ${S}/config.make.in
+	# disable execstack (the patch is used by rh for gcc < 3.3.3)
+	#use hardened || epatch ${FILESDIR}/2.3.3/glibc-execstack-disable.patch
+	#use hardened || sed -e 's/^ASFLAGS-config.*/ASFLAGS-config =/' -i ${S}/config.make.in
+	# mandatory, if binutils supports relro and the kernel is pax/grsecurity enabled
+	# solves almost all segfaults building the locale files on grsecurity enabled kernels
+	# lv_* remaining (it could depend on bind-now enabled later)
+	use hardened && sed -e 's/^LDFLAGS-rtld += $(relro.*/LDFLAGS-rtld += -Wl,-z,norelro/' -i ${S}/Makeconfig
 }
 
 setup_flags() {
@@ -493,6 +507,8 @@ src_compile() {
 
 	use erandom || myconf="${myconf} --disable-dev-erandom"
 
+	use hardened && myconf="${myconf} --enable-bind-now"
+
 	if use_nptl
 	then
 		local kernelheaders="$(get_KHV "`KV_to_int ${MIN_NPTL_KV}`")"