[arch-commits] Commit in glibc/trunk (PKGBUILD)
Allan McRae
allan at archlinux.org
Thu Feb 16 10:51:24 UTC 2017
Date: Thursday, February 16, 2017 @ 10:51:23
Author: allan
Revision: 289048
update
Modified:
glibc/trunk/PKGBUILD
----------+
PKGBUILD | 39 ++++++++++++++++-----------------------
1 file changed, 16 insertions(+), 23 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-02-16 10:50:57 UTC (rev 289047)
+++ PKGBUILD 2017-02-16 10:51:23 UTC (rev 289048)
@@ -5,9 +5,9 @@
# NOTE: valgrind requires rebuilt with each major glibc version
pkgname=glibc
-pkgver=2.24
-pkgrel=2.91
-_commit=fdfc9260
+pkgver=2.25
+pkgrel=1
+_commit=58520986c38e34db60e07260c64c563e3efcf353
pkgdesc="GNU C Library"
arch=('i686' 'x86_64')
url="http://www.gnu.org/software/libc"
@@ -20,22 +20,15 @@
etc/nscd.conf)
options=('!strip' 'staticlibs')
install=glibc.install
-source=(git://sourceware.org/git/glibc.git#commit=${_commit}
+source=(git+https://sourceware.org/git/glibc.git#commit=${_commit}
locale.gen.txt
- locale-gen
- 0001-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch)
+ locale-gen)
md5sums=('SKIP'
'07ac979b6ab5eeb778d55f041529d623'
- '476e9113489f93b348b21e144b6a8fcf'
- 'aa0c0742ea5de00c25dfae8868c1bc9b')
+ '476e9113489f93b348b21e144b6a8fcf')
prepare() {
mkdir glibc-build
-
- cd glibc
- # build fails with PIE enabled toolchain
- # https://sourceware.org/bugzilla/show_bug.cgi?id=20621
- patch -p1 -i $srcdir/0001-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch
}
build() {
@@ -52,11 +45,8 @@
echo "sbindir=/usr/bin" >> configparms
echo "rootsbindir=/usr/bin" >> configparms
- # remove hardening options for building libraries
+ # remove fortify for building libraries
CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
- CFLAGS=${CFLAGS/-fstack-protector-strong/}
- # this is handled properly by --enable-bind-now
- LDFLAGS=${LDFLAGS/,-z,now/}
../${pkgname}/configure \
--prefix=/usr \
@@ -70,19 +60,20 @@
--enable-bind-now \
--disable-profile \
--enable-stackguard-randomization \
+ --enable-stack-protector=strong \
--enable-lock-elision \
--enable-multi-arch \
--disable-werror
- # build libraries with hardening disabled
+ # build libraries with fortify disabled
echo "build-programs=no" >> configparms
make
- # re-enable hardening for programs
+ # re-enable fortify for programs
sed -i "/build-programs=/s#no#yes#" configparms
- echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
- echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ echo "CC += -D_FORTIFY_SOURCE=2" >> configparms
+ echo "CXX += -D_FORTIFY_SOURCE=2" >> configparms
make
}
@@ -89,7 +80,7 @@
check() {
cd glibc-build
- # remove harding in preparation to run test-suite
+ # remove fortify in preparation to run test-suite
sed -i '/FORTIFY/d' configparms
# some failures are "expected"
@@ -137,7 +128,9 @@
strip $STRIP_BINARIES usr/bin/lddlibc4
fi
- strip $STRIP_STATIC usr/lib/*.a
+ strip $STRIP_STATIC usr/lib/lib{anl,BrokenLocale,c{,_nonshared},crypt}.a \
+ usr/lib/lib{dl,g,ieee,m-${pkgver},mcheck,mvec{,_nonshared}}.a \
+ usr/lib/lib{nsl,pthread{,_nonshared},resolv,rpcsvc,rt,util}.a
strip $STRIP_SHARED usr/lib/lib{anl,BrokenLocale,cidn,crypt}-*.so \
usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
More information about the arch-commits
mailing list