###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.31
+VER = 2.38
THISAPP = glibc-$(VER)
DL_FILE = $(THISAPP).tar.xz
--host=$(CROSSTARGET) \
--build=$(BUILDTARGET) \
--prefix=$(TOOLS_DIR) \
- --with-headers=$(TOOLS_DIR)/include \
- libc_cv_forced_unwind=yes \
- libc_cv_c_cleanup=yes
+ --with-headers=$(TOOLS_DIR)/include
endif
-# Enable some extra optimization for the glibc code
-CFLAGS = -O3 -DNDEBUG -fasynchronous-unwind-tables -fPIC -DPIC
-
-ifeq "$(BUILD_ARCH)" "armv7hl"
- CFLAGS += -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard
-endif
-
-ifeq "$(BUILD_ARCH)" "i586"
- CFLAGS += -march=i586 -mtune=generic -mindirect-branch=thunk -mfunction-return=thunk -mno-tls-direct-seg-refs
-endif
-
-ifeq "$(BUILD_ARCH)" "x86_64"
- CFLAGS += -mindirect-branch=thunk -mfunction-return=thunk
-endif
-
-# Disable hardware FP for armv5tel
-ifeq "$(BUILD_ARCH)" "armv5tel"
- EXTRA_CONFIG += \
- --without-fp
+ifeq "$(BUILD_ARCH)" "aarch64"
+ CFLAGS += -Wno-error=maybe-uninitialized
endif
# Add some general configuration flags
EXTRA_CONFIG += \
- --enable-obsolete-rpc \
--disable-profile \
- --enable-kernel=3.2 \
+ --enable-kernel=5.4.0 \
--enable-add-ons \
--without-selinux \
--enable-experimental-malloc \
--enable-bind-now \
- --enable-obsolete-rpc \
- --enable-obsolete-nsl \
- --disable-nss-crypt
+ --enable-fortify-source \
+ --disable-crypt \
+ --disable-build-nscd \
+ --disable-nscd
+
+ifeq "$(BUILD_ARCH)" "x86_64"
+ EXTRA_CONFIG += --enable-cet
+endif
+
+ifeq "$(BUILD_ARCH)" "aarch64"
+ EXTRA_CONFIG += --enable-memory-tagging
+endif
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 78a720f17412f3c3282be5a6f3363ec6
+$(DL_FILE)_BLAKE2 = f9b039f0ef98a7dd8e1cba228ed10286b9e4fbe4dd89af4d26fa5c4e4cf266f19c2746b44d797ce54739d86499e74cf334aaf311bcf6e30120fd7748453e653f
install : $(TARGET)
download :$(patsubst %,$(DIR_DL)/%,$(objects))
-md5 : $(subst %,%_MD5,$(objects))
+b2 : $(subst %,%_BLAKE2,$(objects))
###############################################################################
-# Downloading, checking, md5sum
+# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
###############################################################################
# Installation Details
@rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
@mkdir $(DIR_SRC)/glibc-build
+ # Patches from upstream
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch
+
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-localedef-no-archive.patch
ifneq "$(TOOLCHAIN)" "1"
cd $(DIR_APP) && sed -i 's|libs -o|libs -L/usr/lib64 -Wl,-dynamic-linker=/lib64/ld-linux-x86-64.so.2 -o|' \
scripts/test-installation.pl
endif
-
- ifeq "$(BUILD_ARCH)" "i586"
- cd $(DIR_APP) && sed -i 's|libs -o|libs -L/usr/lib -Wl,-dynamic-linker=/lib/ld-linux.so.2 -o|' \
- scripts/test-installation.pl
- endif
-
- ifeq "$(BUILD_ARCH)" "armv5tel"
- cd $(DIR_APP) && sed -i 's|libs -o|libs -L/usr/lib -Wl,-dynamic-linker=/lib/ld-linux.so.3 -o|' \
- scripts/test-installation.pl
- endif
endif
cd $(DIR_SRC)/glibc-build && \