cvs commit: patches/glibc glibc-2.3.2-inlining_fixes-2.patch glibc-2.3.2-ssp_frandom-2.patch glibc-2.3.2-test_lfs-1.patch glibc-2.3.3-got_fix-1.patch glibc-2.3.3-owl_malloc_unlink_sanity_check-1.patch glibc-2.3.3-pax_dl_execstack-1.patch glibc-2.3.3-pax_iconvconfig-1.patch glibc-2.3.3-ssp_frandom-2.patch glibc-2.3.2-inlining-fixes-2.patch glibc-2.3.2-ssp-frandom-2.patch glibc-2.3.2-test-lfs-1.patch glibc-2.3.3-got-fix-1.patch glibc-2.3.3-owl-malloc-unlink-sanity-check-1.patch glibc-2.3.3-pax-dl_execstack-1.patch glibc-2.3.3-pax-iconvconfig-1.patch glibc-2.3.3-ssp-frandom-2.patch

jim at linuxfromscratch.org jim at linuxfromscratch.org
Fri Jun 4 14:59:15 PDT 2004


jim         04/06/04 15:59:15

  Added:       glibc    glibc-2.3.2-inlining_fixes-2.patch
                        glibc-2.3.2-ssp_frandom-2.patch
                        glibc-2.3.2-test_lfs-1.patch
                        glibc-2.3.3-got_fix-1.patch
                        glibc-2.3.3-owl_malloc_unlink_sanity_check-1.patch
                        glibc-2.3.3-pax_dl_execstack-1.patch
                        glibc-2.3.3-pax_iconvconfig-1.patch
                        glibc-2.3.3-ssp_frandom-2.patch
  Removed:     glibc    glibc-2.3.2-inlining-fixes-2.patch
                        glibc-2.3.2-ssp-frandom-2.patch
                        glibc-2.3.2-test-lfs-1.patch
                        glibc-2.3.3-got-fix-1.patch
                        glibc-2.3.3-owl-malloc-unlink-sanity-check-1.patch
                        glibc-2.3.3-pax-dl_execstack-1.patch
                        glibc-2.3.3-pax-iconvconfig-1.patch
                        glibc-2.3.3-ssp-frandom-2.patch
  Log:
  Naming Scheme Update
  
  Revision  Changes    Path
  1.1                  patches/glibc/glibc-2.3.2-inlining_fixes-2.patch
  
  Index: glibc-2.3.2-inlining_fixes-2.patch
  ===================================================================
  Submitted By: Greg Schafer <gschafer at zip dot com dot au>
  Date: 2003-10-20
  Initial Package Version: 2.3.2
  Origin: I backported these fixes directly from Glibc CVS HEAD.
  Description: Dramatically reduce the number of "inlining failed" type warnings.
  
  This patch, when combined with -finline-limit=2000, reduces the number of
  "inlining failed" type warnings from 3878 down to 28 (unique 309 down to 6). At
  the time Glibc-2.3.2 was released, Gcc-3.2.x was the preferred compiler.
  Gcc-3.3.x introduced a new inliner which showed up a number of areas in the
  Glibc source that needed reviewing.
  
  Glibc is largely maintained by 3 RH employees. Those guys know what they're
  doing and have seen fit to include the -finline-limit=2000 flag in the RH spec
  file for quite some time now. Thus there can be no doubts about the validity of
  using this flag in my view. If using this patch, be sure to add it to your
  CFLAGS, for example:
  
  CFLAGS="-g -O2 -finline-limit=2000" ./configure..............
  
  I tested this by compiling Glibc-2.3.2 with Gcc-3.3.2. Glibc test suite passed.
  
  
  diff -Naur glibc-2.3.2.orig/elf/dl-load.c glibc-2.3.2/elf/dl-load.c
  --- glibc-2.3.2.orig/elf/dl-load.c	2003-01-16 18:14:41.000000000 +0000
  +++ glibc-2.3.2/elf/dl-load.c	2003-10-19 11:11:18.583018456 +0000
  @@ -353,7 +353,7 @@
   
   static size_t max_dirnamelen;
   
  -static inline struct r_search_path_elem **
  +static struct r_search_path_elem **
   fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
   	      int check_trusted, const char *what, const char *where)
   {
  diff -Naur glibc-2.3.2.orig/elf/do-lookup.h glibc-2.3.2/elf/do-lookup.h
  --- glibc-2.3.2.orig/elf/do-lookup.h	2002-04-13 07:32:17.000000000 +0000
  +++ glibc-2.3.2/elf/do-lookup.h	2003-10-19 11:11:45.474930264 +0000
  @@ -28,7 +28,7 @@
   /* Inner part of the lookup functions.  We return a value > 0 if we
      found the symbol, the value 0 if nothing is found and < 0 if
      something bad happened.  */
  -static inline int
  +static int
   FCT (const char *undef_name, unsigned long int hash, const ElfW(Sym) *ref,
        struct sym_val *result, struct r_scope_elem *scope, size_t i, ARG,
        struct link_map *skip, int type_class)
  diff -Naur glibc-2.3.2.orig/iconv/gconv_conf.c glibc-2.3.2/iconv/gconv_conf.c
  --- glibc-2.3.2.orig/iconv/gconv_conf.c	2002-12-16 04:26:02.000000000 +0000
  +++ glibc-2.3.2/iconv/gconv_conf.c	2003-10-19 11:31:32.327501248 +0000
  @@ -125,7 +125,7 @@
   
   
   /* Add new alias.  */
  -static inline void
  +static void
   add_alias (char *rp, void *modules)
   {
     /* We now expect two more string.  The strings are normalized
  @@ -178,7 +178,7 @@
   
   
   /* Insert a data structure for a new module in the search tree.  */
  -static inline void
  +static void
   internal_function
   insert_module (struct gconv_module *newp, int tobefreed)
   {
  diff -Naur glibc-2.3.2.orig/iconv/loop.c glibc-2.3.2/iconv/loop.c
  --- glibc-2.3.2.orig/iconv/loop.c	2003-01-16 06:30:13.000000000 +0000
  +++ glibc-2.3.2/iconv/loop.c	2003-10-19 10:51:18.255495976 +0000
  @@ -257,6 +257,7 @@
   
   /* The function returns the status, as defined in gconv.h.  */
   static inline int
  +__attribute ((always_inline))
   FCTNAME (LOOPFCT) (struct __gconv_step *step,
   		   struct __gconv_step_data *step_data,
   		   const unsigned char **inptrp, const unsigned char *inend,
  @@ -342,6 +343,7 @@
   # define SINGLE(fct) SINGLE2 (fct)
   # define SINGLE2(fct) fct##_single
   static inline int
  +__attribute ((always_inline))
   SINGLE(LOOPFCT) (struct __gconv_step *step,
   		 struct __gconv_step_data *step_data,
   		 const unsigned char **inptrp, const unsigned char *inend,
  diff -Naur glibc-2.3.2.orig/iconvdata/cns11643.h glibc-2.3.2/iconvdata/cns11643.h
  --- glibc-2.3.2.orig/iconvdata/cns11643.h	2002-04-20 07:31:30.000000000 +0000
  +++ glibc-2.3.2/iconvdata/cns11643.h	2003-10-19 11:07:43.240755456 +0000
  @@ -40,6 +40,7 @@
   
   
   static inline uint32_t
  +__attribute ((always_inline))
   cns11643_to_ucs4 (const char **s, size_t avail, unsigned char offset)
   {
     unsigned char ch = *(*s);
  @@ -140,6 +141,7 @@
   
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_cns11643 (uint32_t wch, char *s, size_t avail)
   {
     unsigned int ch = (unsigned int) wch;
  diff -Naur glibc-2.3.2.orig/iconvdata/cns11643l1.h glibc-2.3.2/iconvdata/cns11643l1.h
  --- glibc-2.3.2.orig/iconvdata/cns11643l1.h	2001-07-07 19:20:59.000000000 +0000
  +++ glibc-2.3.2/iconvdata/cns11643l1.h	2003-10-19 11:08:23.728600368 +0000
  @@ -26,6 +26,7 @@
   
   
   static inline uint32_t
  +__attribute ((always_inline))
   cns11643l1_to_ucs4 (const unsigned char **s, size_t avail,
   		    unsigned char offset)
   {
  @@ -71,6 +72,7 @@
   
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_cns11643l1 (uint32_t wch, unsigned char *s, size_t avail)
   {
     unsigned int ch = (unsigned int) wch;
  diff -Naur glibc-2.3.2.orig/iconvdata/euc-kr.c glibc-2.3.2/iconvdata/euc-kr.c
  --- glibc-2.3.2.orig/iconvdata/euc-kr.c	2002-12-02 21:26:10.000000000 +0000
  +++ glibc-2.3.2/iconvdata/euc-kr.c	2003-10-19 22:18:06.629870848 +0000
  @@ -25,6 +25,7 @@
   
   
   static inline void
  +__attribute ((always_inline))
   euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
   {
     if (ch > 0x9f)
  diff -Naur glibc-2.3.2.orig/iconvdata/gb2312.h glibc-2.3.2/iconvdata/gb2312.h
  --- glibc-2.3.2.orig/iconvdata/gb2312.h	2001-07-07 19:20:59.000000000 +0000
  +++ glibc-2.3.2/iconvdata/gb2312.h	2003-10-19 11:30:16.671002784 +0000
  @@ -67,6 +67,7 @@
   extern const char __gb2312_from_ucs4_tab9[][2];
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_gb2312 (uint32_t wch, unsigned char *s, size_t avail)
   {
     unsigned int ch = (unsigned int) wch;
  diff -Naur glibc-2.3.2.orig/iconvdata/jis0201.h glibc-2.3.2/iconvdata/jis0201.h
  --- glibc-2.3.2.orig/iconvdata/jis0201.h	2001-07-07 19:21:02.000000000 +0000
  +++ glibc-2.3.2/iconvdata/jis0201.h	2003-10-19 21:45:00.833757744 +0000
  @@ -38,6 +38,7 @@
   
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_jisx0201 (uint32_t wch, char *s)
   {
     char ch;
  diff -Naur glibc-2.3.2.orig/iconvdata/jis0208.h glibc-2.3.2/iconvdata/jis0208.h
  --- glibc-2.3.2.orig/iconvdata/jis0208.h	2001-07-07 19:21:02.000000000 +0000
  +++ glibc-2.3.2/iconvdata/jis0208.h	2003-10-19 21:45:34.129695992 +0000
  @@ -70,6 +70,7 @@
   
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_jisx0208 (uint32_t wch, char *s, size_t avail)
   {
     unsigned int ch = (unsigned int) wch;
  diff -Naur glibc-2.3.2.orig/iconvdata/jis0212.h glibc-2.3.2/iconvdata/jis0212.h
  --- glibc-2.3.2.orig/iconvdata/jis0212.h	2001-07-07 19:21:02.000000000 +0000
  +++ glibc-2.3.2/iconvdata/jis0212.h	2003-10-19 21:45:55.678420088 +0000
  @@ -77,6 +77,7 @@
   
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_jisx0212 (uint32_t wch, char *s, size_t avail)
   {
     const struct jisx0212_idx *rp = __jisx0212_from_ucs_idx;
  diff -Naur glibc-2.3.2.orig/iconvdata/jisx0213.h glibc-2.3.2/iconvdata/jisx0213.h
  --- glibc-2.3.2.orig/iconvdata/jisx0213.h	2002-04-20 07:41:04.000000000 +0000
  +++ glibc-2.3.2/iconvdata/jisx0213.h	2003-10-19 21:46:48.384407560 +0000
  @@ -32,6 +32,7 @@
   #define NELEMS(arr) (sizeof (arr) / sizeof (arr[0]))
   
   static inline uint32_t
  +__attribute ((always_inline))
   jisx0213_to_ucs4 (unsigned int row, unsigned int col)
   {
     uint32_t val;
  diff -Naur glibc-2.3.2.orig/iconvdata/ksc5601.h glibc-2.3.2/iconvdata/ksc5601.h
  --- glibc-2.3.2.orig/iconvdata/ksc5601.h	2001-07-07 19:21:02.000000000 +0000
  +++ glibc-2.3.2/iconvdata/ksc5601.h	2003-10-19 21:49:34.964083600 +0000
  @@ -85,6 +85,7 @@
   }
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_ksc5601_hangul (uint32_t wch, unsigned char *s, size_t avail)
   {
     int l = 0;
  @@ -116,6 +117,7 @@
   
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_ksc5601_hanja (uint32_t wch, unsigned char *s, size_t avail)
   {
     int l = 0;
  @@ -146,6 +148,7 @@
   }
   
   static inline  size_t
  +__attribute ((always_inline))
   ucs4_to_ksc5601_sym (uint32_t wch, unsigned char *s, size_t avail)
   {
     int l = 0;
  @@ -177,6 +180,7 @@
   
   
   static inline size_t
  +__attribute ((always_inline))
   ucs4_to_ksc5601 (uint32_t wch, unsigned char *s, size_t avail)
   {
     if (wch >= 0xac00 && wch <= 0xd7a3)
  diff -Naur glibc-2.3.2.orig/iconvdata/utf-7.c glibc-2.3.2/iconvdata/utf-7.c
  --- glibc-2.3.2.orig/iconvdata/utf-7.c	2002-06-28 19:43:39.000000000 +0000
  +++ glibc-2.3.2/iconvdata/utf-7.c	2003-10-19 21:50:34.483035344 +0000
  @@ -93,7 +93,7 @@
   
   
   /* Converts a value in the range 0..63 to a base64 encoded char.  */
  -static inline unsigned char
  +static unsigned char
   base64 (unsigned int i)
   {
     if (i < 26)
  diff -Naur glibc-2.3.2.orig/io/ftw.c glibc-2.3.2/io/ftw.c
  --- glibc-2.3.2.orig/io/ftw.c	2003-02-08 18:25:54.000000000 +0000
  +++ glibc-2.3.2/io/ftw.c	2003-10-19 11:14:39.444482872 +0000
  @@ -258,6 +258,7 @@
   
   
   static inline int
  +__attribute ((always_inline))
   open_dir_stream (struct ftw_data *data, struct dir_data *dirp)
   {
     int result = 0;
  @@ -348,7 +349,8 @@
   }
   
   
  -static inline int
  +static int
  +internal_function
   process_entry (struct ftw_data *data, struct dir_data *dir, const char *name,
   	       size_t namlen)
   {
  diff -Naur glibc-2.3.2.orig/linuxthreads/spinlock.h glibc-2.3.2/linuxthreads/spinlock.h
  --- glibc-2.3.2.orig/linuxthreads/spinlock.h	2001-05-24 23:23:00.000000000 +0000
  +++ glibc-2.3.2/linuxthreads/spinlock.h	2003-10-19 21:23:52.703542840 +0000
  @@ -196,7 +196,7 @@
   }
   
   
  -static inline void
  +static inline __attribute__((always_inline)) void
   __pthread_set_own_extricate_if (pthread_descr self, pthread_extricate_if *peif)
   {
     /* Only store a non-null peif if the thread has cancellation enabled.
  diff -Naur glibc-2.3.2.orig/locale/setlocale.c glibc-2.3.2/locale/setlocale.c
  --- glibc-2.3.2.orig/locale/setlocale.c	2002-12-04 09:53:49.000000000 +0000
  +++ glibc-2.3.2/locale/setlocale.c	2003-10-19 21:22:09.697202184 +0000
  @@ -128,7 +128,7 @@
   
   
   /* Construct a new composite name.  */
  -static inline char *
  +static char *
   new_composite_name (int category, const char *newnames[__LC_LAST])
   {
     size_t last_len = 0;
  diff -Naur glibc-2.3.2.orig/locale/weight.h glibc-2.3.2/locale/weight.h
  --- glibc-2.3.2.orig/locale/weight.h	2001-07-07 19:21:04.000000000 +0000
  +++ glibc-2.3.2/locale/weight.h	2003-10-19 10:52:58.192303272 +0000
  @@ -19,6 +19,7 @@
   
   /* Find index of weight.  */
   static inline int32_t
  +__attribute ((always_inline))
   findidx (const unsigned char **cpp)
   {
     int_fast32_t i = table[*(*cpp)++];
  diff -Naur glibc-2.3.2.orig/locale/weightwc.h glibc-2.3.2/locale/weightwc.h
  --- glibc-2.3.2.orig/locale/weightwc.h	2001-08-07 04:23:14.000000000 +0000
  +++ glibc-2.3.2/locale/weightwc.h	2003-10-19 10:53:09.349607104 +0000
  @@ -19,6 +19,7 @@
   
   /* Find index of weight.  */
   static inline int32_t
  +__attribute ((always_inline))
   findidx (const wint_t **cpp)
   {
     int32_t i;
  diff -Naur glibc-2.3.2.orig/nss/nss_files/files-parse.c glibc-2.3.2/nss/nss_files/files-parse.c
  --- glibc-2.3.2.orig/nss/nss_files/files-parse.c	2002-08-10 18:09:07.000000000 +0000
  +++ glibc-2.3.2/nss/nss_files/files-parse.c	2003-10-19 10:54:27.942659144 +0000
  @@ -171,6 +171,7 @@
   }
   
   static inline char **
  +__attribute ((always_inline))
   parse_list (char *line, struct parser_data *data, size_t datalen, int *errnop)
   {
     char *eol, **list, **p;
  diff -Naur glibc-2.3.2.orig/posix/regcomp.c glibc-2.3.2/posix/regcomp.c
  --- glibc-2.3.2.orig/posix/regcomp.c	2003-02-21 01:17:47.000000000 +0000
  +++ glibc-2.3.2/posix/regcomp.c	2003-10-19 21:21:08.193552160 +0000
  @@ -2544,6 +2544,7 @@
        Return the value if succeeded, UINT_MAX otherwise.  */
   
     static inline unsigned int
  +  __attribute ((always_inline))
     lookup_collation_sequence_value (br_elem)
   	 bracket_elem_t *br_elem;
       {
  diff -Naur glibc-2.3.2.orig/stdlib/grouping.h glibc-2.3.2/stdlib/grouping.h
  --- glibc-2.3.2.orig/stdlib/grouping.h	2001-07-07 19:21:18.000000000 +0000
  +++ glibc-2.3.2/stdlib/grouping.h	2003-10-19 22:21:58.705589976 +0000
  @@ -29,7 +29,7 @@
      satisfies the grouping rules.  It is assumed that at least one digit
      follows BEGIN directly.  */
   
  -static inline const STRING_TYPE *
  +static const STRING_TYPE *
   correctly_grouped_prefix (const STRING_TYPE *begin, const STRING_TYPE *end,
   #ifdef USE_WIDE_CHAR
   			  wchar_t thousands,
  diff -Naur glibc-2.3.2.orig/stdlib/strtod.c glibc-2.3.2/stdlib/strtod.c
  --- glibc-2.3.2.orig/stdlib/strtod.c	2003-02-22 09:10:31.000000000 +0000
  +++ glibc-2.3.2/stdlib/strtod.c	2003-10-19 10:58:40.388281576 +0000
  @@ -205,7 +205,7 @@
   
   /* Return a floating point number of the needed type according to the given
      multi-precision number after possible rounding.  */
  -static inline FLOAT
  +static FLOAT
   round_and_return (mp_limb_t *retval, int exponent, int negative,
   		  mp_limb_t round_limb, mp_size_t round_bit, int more_bits)
   {
  @@ -300,7 +300,7 @@
      character od the string that is not part of the integer as the function
      value.  If the EXPONENT is small enough to be taken as an additional
      factor for the resulting number (see code) multiply by it.  */
  -static inline const STRING_TYPE *
  +static const STRING_TYPE *
   str_to_mpn (const STRING_TYPE *str, int digcnt, mp_limb_t *n, mp_size_t *nsize,
   	    int *exponent
   #ifndef USE_WIDE_CHAR
  diff -Naur glibc-2.3.2.orig/sysdeps/generic/ldsodefs.h glibc-2.3.2/sysdeps/generic/ldsodefs.h
  --- glibc-2.3.2.orig/sysdeps/generic/ldsodefs.h	2003-01-03 20:42:47.000000000 +0000
  +++ glibc-2.3.2/sysdeps/generic/ldsodefs.h	2003-10-19 10:59:57.025630928 +0000
  @@ -166,7 +166,7 @@
   
   /* Test whether given NAME matches any of the names of the given object.  */
   static __inline int
  -__attribute__ ((unused))
  +__attribute__ ((unused, always_inline))
   _dl_name_match_p (const char *__name, struct link_map *__map)
   {
     int __found = strcmp (__name, __map->l_name) == 0;
  diff -Naur glibc-2.3.2.orig/sysdeps/generic/unwind-dw2-fde.c glibc-2.3.2/sysdeps/generic/unwind-dw2-fde.c
  --- glibc-2.3.2.orig/sysdeps/generic/unwind-dw2-fde.c	2002-05-14 23:46:28.000000000 +0000
  +++ glibc-2.3.2/sysdeps/generic/unwind-dw2-fde.c	2003-10-19 11:02:36.861332208 +0000
  @@ -574,7 +574,7 @@
       }
   }
   
  -static inline void
  +static void
   end_fde_sort (struct object *ob, struct fde_accumulator *accu, size_t count)
   {
     fde_compare_t fde_compare;
  diff -Naur glibc-2.3.2.orig/sysdeps/posix/sprofil.c glibc-2.3.2/sysdeps/posix/sprofil.c
  --- glibc-2.3.2.orig/sysdeps/posix/sprofil.c	2002-12-16 04:26:25.000000000 +0000
  +++ glibc-2.3.2/sysdeps/posix/sprofil.c	2003-10-19 11:03:34.315597832 +0000
  @@ -104,7 +104,7 @@
     return pc;
   }
   
  -static inline void
  +static void
   profil_count (void *pcp, int prof_uint)
   {
     struct region *region, *r = prof_info.last;
  diff -Naur glibc-2.3.2.orig/sysdeps/unix/sysv/linux/i386/dl-procinfo.h glibc-2.3.2/sysdeps/unix/sysv/linux/i386/dl-procinfo.h
  --- glibc-2.3.2.orig/sysdeps/unix/sysv/linux/i386/dl-procinfo.h	2002-09-24 00:00:49.000000000 +0000
  +++ glibc-2.3.2/sysdeps/unix/sysv/linux/i386/dl-procinfo.h	2003-10-19 11:05:10.587962208 +0000
  @@ -97,7 +97,7 @@
   };
   
   static inline int
  -__attribute__ ((unused))
  +__attribute__ ((unused, always_inline))
   _dl_string_hwcap (const char *str)
   {
     int i;
  @@ -112,7 +112,7 @@
   
   
   static inline int
  -__attribute__ ((unused))
  +__attribute__ ((unused, always_inline))
   _dl_string_platform (const char *str)
   {
     int i;
  
  
  
  1.1                  patches/glibc/glibc-2.3.2-ssp_frandom-2.patch
  
  Index: glibc-2.3.2-ssp_frandom-2.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-04-24
  Initial Package Version: 2.3.2
  Origin: http://www.research.ibm.com/trl/projects/security/ssp/
          http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
  Description: Smashing Stack Protector - This patch adds guard functions to
  Glibc.
  
  This patch depends on erandom sysctl from:
  http://frandom.sourceforge.net/
  http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt
  
  Also see:
  http://www.research.ibm.com/trl/projects/security/ssp/
  http://www.linuxfromscratch.org/hlfs/
  http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
  
  diff -Naur glibc-2.3.2.orig/sysdeps/generic/libc-start.c glibc-2.3.2.ssp-frandom/sysdeps/generic/libc-start.c
  --- glibc-2.3.2.orig/sysdeps/generic/libc-start.c	2003-02-14 22:59:15.000000000 +0000
  +++ glibc-2.3.2.ssp-frandom/sysdeps/generic/libc-start.c	2004-04-25 07:41:03.000000000 +0000
  @@ -143,6 +143,8 @@
       _dl_debug_printf ("\ntransferring control: %s\n\n", argv[0]);
   #endif
   
  +  __guard_setup ();
  +
   #ifdef HAVE_CANCELBUF
     if (setjmp (THREAD_SELF->cancelbuf) == 0)
   #endif
  diff -Naur glibc-2.3.2.orig/sysdeps/unix/sysv/linux/Dist glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/Dist
  --- glibc-2.3.2.orig/sysdeps/unix/sysv/linux/Dist	2003-02-21 06:30:10.000000000 +0000
  +++ glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/Dist	2004-04-25 07:39:32.000000000 +0000
  @@ -1,3 +1,4 @@
  +stack_protector.c
   bits/initspin.h
   cmsg_nxthdr.c
   dl-brk.c
  diff -Naur glibc-2.3.2.orig/sysdeps/unix/sysv/linux/Makefile glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/Makefile
  --- glibc-2.3.2.orig/sysdeps/unix/sysv/linux/Makefile	2002-12-16 23:36:52.000000000 +0000
  +++ glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/Makefile	2004-04-25 07:39:32.000000000 +0000
  @@ -1,5 +1,5 @@
   ifeq ($(subdir),csu)
  -sysdep_routines += errno-loc
  +sysdep_routines += errno-loc stack_protector
   endif
   
   ifeq ($(subdir),db2)
  diff -Naur glibc-2.3.2.orig/sysdeps/unix/sysv/linux/Versions glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/Versions
  --- glibc-2.3.2.orig/sysdeps/unix/sysv/linux/Versions	2002-12-16 23:28:17.000000000 +0000
  +++ glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/Versions	2004-04-25 07:39:32.000000000 +0000
  @@ -108,6 +108,7 @@
     GLIBC_2.3.2 {
       # New kernel interfaces.
       epoll_create; epoll_ctl; epoll_wait;
  +	__guard; __guard_setup; __stack_smash_handler;
     }
     GLIBC_PRIVATE {
       # needed by libpthread.
  diff -Naur glibc-2.3.2.orig/sysdeps/unix/sysv/linux/stack_protector.c glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c
  --- glibc-2.3.2.orig/sysdeps/unix/sysv/linux/stack_protector.c	1970-01-01 00:00:00.000000000 +0000
  +++ glibc-2.3.2.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c	2004-04-25 07:39:32.000000000 +0000
  @@ -0,0 +1,160 @@
  +/*	$hlfs: ssp.c,v 1.1 2004/04/24 00:00:00 robert Exp $	*/
  +
  +/* Most of this code was copied from the gcc patch, libgcc2.c hunk, from
  + *	http://www.trl.ibm.com/projects/security/ssp/
  + * And therefore this code is part of gcc.
  + */
  +
  +/* Copyright (C) 1989, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
  +   2000, 2001, 2002  Free Software Foundation, Inc.
  +
  +This file is part of GCC.
  +
  +GCC is free software; you can redistribute it and/or modify it under
  +the terms of the GNU General Public License as published by the Free
  +Software Foundation; either version 2, or (at your option) any later
  +version.
  +
  +In addition to the permissions in the GNU General Public License, the
  +Free Software Foundation gives you unlimited permission to link the
  +compiled version of this file into combinations with other programs,
  +and to distribute those combinations without any restriction coming
  +from the use of this file.  (The General Public License restrictions
  +do apply in other respects; for example, they cover modification of
  +the file, and distribution when not linked into a combine
  +executable.)
  +
  +GCC is distributed in the hope that it will be useful, but WITHOUT ANY
  +WARRANTY; without even the implied warranty of MERCHANTABILITY or
  +FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  +for more details.
  +
  +You should have received a copy of the GNU General Public License
  +along with GCC; see the file COPYING.  If not, write to the Free
  +Software Foundation, 59 Temple Place - Suite 330, Boston, MA
  +02111-1307, USA.  */
  +
  +/* Some portions of this code were copied from
  + *	http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
  + * And hence a dual license.
  + */
  +
  +/*
  + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
  + * All rights reserved.
  + *
  + * Redistribution and use in source and binary forms, with or without
  + * modification, are permitted provided that the following conditions
  + * are met:
  + * 1. Redistributions of source code must retain the above copyright
  + *    notice, this list of conditions and the following disclaimer.
  + * 2. Redistributions in binary form must reproduce the above copyright
  + *    notice, this list of conditions and the following disclaimer in the
  + *    documentation and/or other materials provided with the distribution.
  + *
  + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
  + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  + * DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
  + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
  + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  + * POSSIBILITY OF SUCH DAMAGE.
  + *
  + */
  +
  +#include <stdio.h>
  +#include <string.h>
  +#include <fcntl.h>
  +#include <unistd.h>
  +#include <sys/sysctl.h>
  +
  +#include <signal.h>
  +
  +#include <sys/types.h>
  +#include <sys/socket.h>
  +#include <sys/un.h>
  +
  +#include <sys/syslog.h>
  +#ifndef _PATH_LOG
  +#define _PATH_LOG "/dev/log"
  +#endif
  +
  +long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  +
  +void __guard_setup (void)
  +{
  +	int i, mib[3];
  +	size_t len;
  +
  +	if (__guard[0] != 0)
  +		return;
  +
  +	/* Random is another depth in Linux, hence an array of 3. */
  +	mib[0] = CTL_KERN;
  +	mib[1] = KERN_RANDOM;
  +	mib[2] = RANDOM_ERANDOM;
  +
  +	len = 4;
  +	for (i = 0; i < sizeof(__guard) / 4; i++) {
  +		if (sysctl(mib, 3, (char *)&((int *)__guard)[i],
  +		    &len, NULL, 0) == -1)
  +			break;
  +	}
  +
  +	if (i < sizeof(__guard) / 4) {
  +		/* If sysctl was unsuccessful, use the "terminator canary". */
  +		((char *)__guard)[0] = 0; ((char*)__guard)[1] = 0;
  +		((char *)__guard)[2] = '\n'; ((char *)__guard)[3] = 255;
  +	}
  +}
  +
  +void __stack_smash_handler (char func[], int damaged)
  +{
  +	extern char * __progname;
  +	const char message[] = ": stack smashing attack in function ";
  +	int bufsz = 512, len;
  +	char buf[bufsz];
  +	int LogFile;
  +	struct sockaddr_un SyslogAddr;  /* AF_UNIX address of local logger */
  +
  +	sigset_t mask;
  +	sigfillset(&mask);
  +	sigdelset(&mask, SIGABRT);  /* Block all signal handlers */
  +	sigprocmask(SIG_BLOCK, &mask, NULL); /* except SIGABRT */
  +
  +	strcpy(buf, "<2>"); len=3;    /* send LOG_CRIT */
  +	strncat(buf, __progname, bufsz-len-1); len = strlen(buf);
  +	if (bufsz>len) {strncat(buf, message, bufsz-len-1); len = strlen(buf);}
  +	if (bufsz>len) {strncat(buf, func, bufsz-len-1); len = strlen(buf);}
  +	/* print error message */
  +	write (STDERR_FILENO, buf+3, len-3);
  +	if ((LogFile = socket(AF_UNIX, SOCK_DGRAM, 0)) != -1) {
  +		/* 
  +		* Send "found" message to the "/dev/log" path
  +		*/
  +		SyslogAddr.sun_family = AF_UNIX;
  +		(void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
  +			sizeof(SyslogAddr.sun_path) - 1);
  +		SyslogAddr.sun_path[sizeof(SyslogAddr.sun_path) - 1] = '\0';
  +		sendto(LogFile, buf, len, 0, (struct sockaddr *)&SyslogAddr,
  +			sizeof(SyslogAddr));
  +	}
  +
  +	/* Make sure the default handler is associated with SIGABRT */
  +	struct sigaction sa;
  +
  +	memset(&sa, 0, sizeof(struct sigaction));
  +	sigfillset(&sa.sa_mask);    /* Block all signals */
  +	sa.sa_flags = 0;
  +	sa.sa_handler = SIG_DFL;
  +	sigaction(SIGABRT, &sa, NULL);
  +
  +	(void)kill(getpid(), SIGABRT);
  +
  +	_exit(127);
  +}
  +
  
  
  
  1.1                  patches/glibc/glibc-2.3.2-test_lfs-1.patch
  
  Index: glibc-2.3.2-test_lfs-1.patch
  ===================================================================
  Submitted By: Kevin P. Fleming (kpfleming at cox dot net)
  Date: 2003-09-25
  Initial Package Version: 2.3.2
  Origin: Kevin P. Fleming (kpfleming at cox dot net)
  Description: Modifies the Makefile for glibc's io/test-lfs test so that
  	     the test will be run in the object directory instead of /tmp.
               This is done because the test will fail (incorrectly) if /tmp
  	     is a tmpfs filesystem.
  
  --- /root/cvs/libc/io/Makefile	Thu Sep 25 19:43:34 2003
  +++ libc-new/io/Makefile	Thu Sep 25 21:20:30 2003
  @@ -91,6 +91,9 @@
   endif
   
   test-stat2-ARGS = Makefile . $(objpfx)test-stat2
  +# test-lfs will fail if run against a tmpfs filesystem on Linux, so try to
  +# avoid that by running the test in the build directory
  +test-lfs-ARGS = --test-dir=${common-objpfx}io
   
   ifeq ($(cross-compiling),no)
   tests: $(objpfx)ftwtest.out
  
  
  
  1.1                  patches/glibc/glibc-2.3.3-got_fix-1.patch
  
  Index: glibc-2.3.3-got_fix-1.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-02-08
  Initial Package Version: 2.3.3
  Origin: http://dev.gentoo.org/~solar/glibc-2.3.3-got-fix.diff
  Description: This is a bugfix:
  "GOTOFF during linking seems to fail to recognize where main() is because it is
  not visible in the object linked which might not be really legal C but it
  apparently works anyway."
  This bug shows up in bind9's testsuite.
  http://www.gentoo.org/proj/en/hardened/
  http://www.linuxfromscratch.org/~robert/winter/Linux/
  
  --- glibc-2.3.2/sysdeps/i386/elf/start.S	2004-02-05 18:14:37.000000000 +0100
  +++ glibc-2.3.2/sysdeps/i386/elf/start.S	2004-02-05 23:32:16.000000000 +0100
  @@ -73,16 +73,13 @@ _start:
   	addl $_GLOBAL_OFFSET_TABLE_, %ebx
   
   	/* Push address of our own entry points to .fini and .init.  */
  -	leal __libc_csu_fini at GOTOFF(%ebx), %eax
  -	pushl %eax
  -	leal __libc_csu_init at GOTOFF(%ebx), %eax
  -	pushl %eax
  +	pushl __libc_csu_fini at GOT(%ebx)
  +	pushl __libc_csu_init at GOT(%ebx)
   
   	pushl %ecx		/* Push second argument: argv.  */
   	pushl %esi		/* Push first argument: argc.  */
   
  -	leal BP_SYM (main)@GOTOFF(%ebx), %eax
  -	pushl %eax
  +	pushl BP_SYM (main)@GOT(%ebx)
   
   	/* Call the user's main function, and exit with its value.
   	   But let the libc call main.    */
  
  
  
  1.1                  patches/glibc/glibc-2.3.3-owl_malloc_unlink_sanity_check-1.patch
  
  Index: glibc-2.3.3-owl_malloc_unlink_sanity_check-1.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-02-26
  Initial Package Version: 2.3.3
  Origin: http://www.openwall.com/Owl/
  http://www.gtlib.cc.gatech.edu/pub/gentoo/gentoo-x86-portage/sys-libs/glibc/\
  	files/2.3.3/glibc-2.3.3-owl-malloc-unlink-sanity-check.diff
  Description: A sanity fix from the Owl Linux Project.
  http://www.linuxfromscratch.org/~robert/winter/
  
  diff -Naur glibc-2.3.3-20040213.orig/malloc/malloc.c glibc-2.3.3-20040213/malloc/malloc.c
  --- glibc-2.3.3-20040213.orig/malloc/malloc.c	2003-12-17 23:31:28.000000000 +0000
  +++ glibc-2.3.3-20040213/malloc/malloc.c	2004-02-26 09:08:49.000000000 +0000
  @@ -315,6 +315,11 @@
   #define assert(x) ((void)0)
   #endif
   
  +/* needed for owl-malloc-unlink-sanity-check */
  +#include <abort-instr.h>
  +#ifndef ABORT_INSTRUCTION
  +#define ABORT_INSTRUCTION
  +#endif
   
   /*
     INTERNAL_SIZE_T is the word-size used for internal bookkeeping
  @@ -1954,6 +1959,14 @@
   #define unlink(P, BK, FD) {                                            \
     FD = P->fd;                                                          \
     BK = P->bk;                                                          \
  +  /* owl-malloc-unlink-sanity-check */                                 \
  +  if (FD->bk != P || BK->fd != P)                                      \
  +  {                                                                    \
  +    ABORT_INSTRUCTION;                                                 \
  +    _exit(127);                                                        \
  +    while (1)                                                          \
  +      ABORT_INSTRUCTION;                                               \
  +  }                                                                    \
     FD->bk = BK;                                                         \
     BK->fd = FD;                                                         \
   }
  
  
  
  1.1                  patches/glibc/glibc-2.3.3-pax_dl_execstack-1.patch
  
  Index: glibc-2.3.3-pax_dl_execstack-1.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-02-02
  Initial Package Version: 2.3.3
  Origin: http://csociety-ftp.ecn.purdue.edu/pub/gentoo-portage/ \
          sys-libs/glibc/files/2.3.3/glibc-2.3.3-dl_execstack-PaX-support.patch
  Description: This is needed for Pax. http://pax.grsecurity.net/
  http://www.gentoo.org/proj/en/hardened/
  https://twocents.mooo.com/hints/downloads/files/winter.txt
  
  --- glibc-2.3.3/sysdeps/unix/sysv/linux/dl-execstack.c	2003-12-13 15:42:16.853396224 +0200
  +++ glibc-2.3.3.PaX/sysdeps/unix/sysv/linux/dl-execstack.c	2003-12-13 15:42:25.290113648 +0200
  @@ -47,11 +47,17 @@
   		      PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) == 0)
   	goto return_success;
   #  if __ASSUME_PROT_GROWSUPDOWN == 0
  -      if (errno == EINVAL)
  +      if (errno == EINVAL) {
   	no_growsdown = true;
  -      else
  +      } else {
  +#  endif
  +	if (errno == EACCES)		/* PAX is enabled */
  +	  return 0;
  +	else
  +	  return errno;
  +#  if __ASSUME_PROT_GROWSUPDOWN == 0
  +      }
   #  endif
  -	return errno;
       }
   # endif
   
  @@ -73,8 +79,11 @@
   	page -= size;
         else
   	{
  -	  if (errno != ENOMEM)	/* Unexpected failure mode.  */
  +	  if (errno == EACCES) {	/* PAX is enabled */
  +	    return 0;
  +	  } else if (errno != ENOMEM) {	/* Unexpected failure mode.  */
   	    return errno;
  +	  }
   
   	  if (size == GL(dl_pagesize))
   	    /* We just tried to mprotect the top hole page and failed.
  @@ -105,11 +114,17 @@
   		      PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSUP) == 0)
   	goto return_success;
   #  if __ASSUME_PROT_GROWSUPDOWN == 0
  -      if (errno == EINVAL)
  +      if (errno == EINVAL) {
   	no_growsup = true;
  -      else
  +      } else {
  +#  endif
  +	if (errno == EACCES)		/* PAX is enabled */
  +	  return 0;
  +	else
  +	  return errno;
  +#  if __ASSUME_PROT_GROWSUPDOWN == 0
  +      }
   #  endif
  -	return errno;
       }
   # endif
   
  @@ -130,8 +145,11 @@
   	page += size;
         else
   	{
  -	  if (errno != ENOMEM)	/* Unexpected failure mode.  */
  +	  if (errno == EACCES) {	/* PAX is enabled */
  +	    return 0;
  +	  } else if (errno != ENOMEM) {	/* Unexpected failure mode.  */
   	    return errno;
  +	  }
   
   	  if (size == GL(dl_pagesize))
   	    /* We just tried to mprotect the lowest hole page and failed.
  
  
  
  1.1                  patches/glibc/glibc-2.3.3-pax_iconvconfig-1.patch
  
  Index: glibc-2.3.3-pax_iconvconfig-1.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-02-04
  Initial Package Version: 2.3.3
  Origin: http://mirror.calvin.edu/gentoo/gentoo-portage/sys-libs/glibc/files/ \
          2.3.2/glibc-2.3.2-iconvconfig-name_insert.patch
  Description: This is needed for Pax. http://pax.grsecurity.net/
  http://www.gentoo.org/proj/en/hardened/
  https://twocents.mooo.com/hints/downloads/files/winter.txt
  
  --- glibc-2.3.2-net/iconv/iconvconfig.c	12 Jun 2003 09:48:20 -0000	1.1.1.10
  +++ glibc-2.3.2-redhat/iconv/iconvconfig.c	12 Jun 2003 09:55:36 -0000	1.14
  @@ -988,6 +988,34 @@ next_prime (uint32_t seed)
                                 module name offset
                            (following last entry with step count 0)
   */
  +
  +static struct hash_entry *hash_table;
  +static size_t hash_size;
  +
  +/* Function to insert the names.  */
  +static void name_insert (const void *nodep, VISIT value, int level)
  +{
  +  struct name *name;
  +  unsigned int idx;
  +  unsigned int hval2;
  +
  +  if (value != leaf && value != postorder)
  +    return;
  +
  +  name = *(struct name **) nodep;
  +  idx = name->hashval % hash_size;
  +  hval2 = 1 + name->hashval % (hash_size - 2);
  +
  +  while (hash_table[idx].string_offset != 0)
  +    if ((idx += hval2) >= hash_size)
  +      idx -= hash_size;
  +
  +  hash_table[idx].string_offset = strtaboffset (name->strent);
  +
  +  assert (name->module_idx != -1);
  +  hash_table[idx].module_idx = name->module_idx;
  +}
  +
   static int
   write_output (void)
   {
  @@ -995,8 +1023,6 @@ write_output (void)
     char *string_table;
     size_t string_table_size;
     struct gconvcache_header header;
  -  struct hash_entry *hash_table;
  -  size_t hash_size;
     struct module_entry *module_table;
     char *extra_table;
     char *cur_extra_table;
  @@ -1008,30 +1034,6 @@ write_output (void)
     char tmpfname[prefix_len + sizeof (GCONV_MODULES_CACHE)
   		+ strlen (".XXXXXX")];
     char finalname[prefix_len + sizeof (GCONV_MODULES_CACHE)];
  -
  -  /* Function to insert the names.  */
  -  static void name_insert (const void *nodep, VISIT value, int level)
  -    {
  -      struct name *name;
  -      unsigned int idx;
  -      unsigned int hval2;
  -
  -      if (value != leaf && value != postorder)
  -	return;
  -
  -      name = *(struct name **) nodep;
  -      idx = name->hashval % hash_size;
  -      hval2 = 1 + name->hashval % (hash_size - 2);
  -
  -      while (hash_table[idx].string_offset != 0)
  -	if ((idx += hval2) >= hash_size)
  -	  idx -= hash_size;
  -
  -      hash_table[idx].string_offset = strtaboffset (name->strent);
  -
  -      assert (name->module_idx != -1);
  -      hash_table[idx].module_idx = name->module_idx;
  -    }
   
     /* Open the output file.  */
     assert (GCONV_MODULES_CACHE[0] == '/');
  
  
  
  
  1.1                  patches/glibc/glibc-2.3.3-ssp_frandom-2.patch
  
  Index: glibc-2.3.3-ssp_frandom-2.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-04-24
  Initial Package Version: 2.3.3
  Origin: http://www.research.ibm.com/trl/projects/security/ssp/
          http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
  Description: Smashing Stack Protector - This patch adds guard functions to
  Glibc.
  
  This patch depends on erandom sysctl from:
  http://frandom.sourceforge.net/
  http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt
  
  Also see:
  http://www.research.ibm.com/trl/projects/security/ssp/
  http://www.linuxfromscratch.org/hlfs/
  http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
  
  diff -Naur glibc-2.3-20040418.orig/sysdeps/generic/libc-start.c glibc-2.3-20040418.ssp-frandom/sysdeps/generic/libc-start.c
  --- glibc-2.3-20040418.orig/sysdeps/generic/libc-start.c	2004-03-31 01:46:43.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/generic/libc-start.c	2004-04-25 07:07:34.000000000 +0000
  @@ -188,6 +188,8 @@
       GLRO(dl_debug_printf) ("\ntransferring control: %s\n\n", argv[0]);
   #endif
   
  +  __guard_setup ();
  +
   #ifdef HAVE_CLEANUP_JMP_BUF
     /* Memory for the cancellation buffer.  */
     struct pthread_unwind_buf unwind_buf;
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Dist glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Dist
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Dist	2003-09-24 05:04:29.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Dist	2004-04-25 07:09:46.000000000 +0000
  @@ -1,3 +1,4 @@
  +stack_protector.c
   bits/initspin.h
   cmsg_nxthdr.c
   dl-brk.c
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Makefile glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Makefile
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Makefile	2004-04-03 07:45:26.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Makefile	2004-04-25 07:10:02.000000000 +0000
  @@ -1,5 +1,5 @@
   ifeq ($(subdir),csu)
  -sysdep_routines += errno-loc
  +sysdep_routines += errno-loc stack_protector
   endif
   
   ifeq ($(subdir),assert)
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Versions glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Versions
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Versions	2004-03-19 00:13:55.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Versions	2004-04-25 07:08:58.000000000 +0000
  @@ -108,6 +108,7 @@
     GLIBC_2.3.2 {
       # New kernel interfaces.
       epoll_create; epoll_ctl; epoll_wait;
  +	__guard; __guard_setup; __stack_smash_handler;
     }
     GLIBC_2.3.3 {
       gnu_dev_major; gnu_dev_minor; gnu_dev_makedev;
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/stack_protector.c glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/stack_protector.c	1970-01-01 00:00:00.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c	2004-04-25 07:24:27.000000000 +0000
  @@ -0,0 +1,160 @@
  +/*	$hlfs: ssp.c,v 1.1 2004/04/24 00:00:00 robert Exp $	*/
  +
  +/* Most of this code was copied from the gcc patch, libgcc2.c hunk, from
  + *	http://www.trl.ibm.com/projects/security/ssp/
  + * And therefore this code is part of gcc.
  + */
  +
  +/* Copyright (C) 1989, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
  +   2000, 2001, 2002  Free Software Foundation, Inc.
  +
  +This file is part of GCC.
  +
  +GCC is free software; you can redistribute it and/or modify it under
  +the terms of the GNU General Public License as published by the Free
  +Software Foundation; either version 2, or (at your option) any later
  +version.
  +
  +In addition to the permissions in the GNU General Public License, the
  +Free Software Foundation gives you unlimited permission to link the
  +compiled version of this file into combinations with other programs,
  +and to distribute those combinations without any restriction coming
  +from the use of this file.  (The General Public License restrictions
  +do apply in other respects; for example, they cover modification of
  +the file, and distribution when not linked into a combine
  +executable.)
  +
  +GCC is distributed in the hope that it will be useful, but WITHOUT ANY
  +WARRANTY; without even the implied warranty of MERCHANTABILITY or
  +FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  +for more details.
  +
  +You should have received a copy of the GNU General Public License
  +along with GCC; see the file COPYING.  If not, write to the Free
  +Software Foundation, 59 Temple Place - Suite 330, Boston, MA
  +02111-1307, USA.  */
  +
  +/* Some portions of this code were copied from
  + *	http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
  + * And hence a dual license.
  + */
  +
  +/*
  + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
  + * All rights reserved.
  + *
  + * Redistribution and use in source and binary forms, with or without
  + * modification, are permitted provided that the following conditions
  + * are met:
  + * 1. Redistributions of source code must retain the above copyright
  + *    notice, this list of conditions and the following disclaimer.
  + * 2. Redistributions in binary form must reproduce the above copyright
  + *    notice, this list of conditions and the following disclaimer in the
  + *    documentation and/or other materials provided with the distribution.
  + *
  + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
  + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  + * DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
  + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
  + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  + * POSSIBILITY OF SUCH DAMAGE.
  + *
  + */
  +
  +#include <stdio.h>
  +#include <string.h>
  +#include <fcntl.h>
  +#include <unistd.h>
  +#include <sys/sysctl.h>
  +
  +#include <signal.h>
  +
  +#include <sys/types.h>
  +#include <sys/socket.h>
  +#include <sys/un.h>
  +
  +#include <sys/syslog.h>
  +#ifndef _PATH_LOG
  +#define _PATH_LOG "/dev/log"
  +#endif
  +
  +long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  +
  +void __guard_setup (void)
  +{
  +	int i, mib[3];
  +	size_t len;
  +
  +	if (__guard[0] != 0)
  +		return;
  +
  +	/* Random is another depth in Linux, hence an array of 3. */
  +	mib[0] = CTL_KERN;
  +	mib[1] = KERN_RANDOM;
  +	mib[2] = RANDOM_ERANDOM;
  +
  +	len = 4;
  +	for (i = 0; i < sizeof(__guard) / 4; i++) {
  +		if (sysctl(mib, 3, (char *)&((int *)__guard)[i],
  +		    &len, NULL, 0) == -1)
  +			break;
  +	}
  +
  +	if (i < sizeof(__guard) / 4) {
  +		/* If sysctl was unsuccessful, use the "terminator canary". */
  +		((char *)__guard)[0] = 0; ((char*)__guard)[1] = 0;
  +		((char *)__guard)[2] = '\n'; ((char *)__guard)[3] = 255;
  +	}
  +}
  +
  +void __stack_smash_handler (char func[], int damaged)
  +{
  +	extern char * __progname;
  +	const char message[] = ": stack smashing attack in function ";
  +	int bufsz = 512, len;
  +	char buf[bufsz];
  +	int LogFile;
  +	struct sockaddr_un SyslogAddr;  /* AF_UNIX address of local logger */
  +
  +	sigset_t mask;
  +	sigfillset(&mask);
  +	sigdelset(&mask, SIGABRT);  /* Block all signal handlers */
  +	sigprocmask(SIG_BLOCK, &mask, NULL); /* except SIGABRT */
  +
  +	strcpy(buf, "<2>"); len=3;    /* send LOG_CRIT */
  +	strncat(buf, __progname, bufsz-len-1); len = strlen(buf);
  +	if (bufsz>len) {strncat(buf, message, bufsz-len-1); len = strlen(buf);}
  +	if (bufsz>len) {strncat(buf, func, bufsz-len-1); len = strlen(buf);}
  +	/* print error message */
  +	write (STDERR_FILENO, buf+3, len-3);
  +	if ((LogFile = socket(AF_UNIX, SOCK_DGRAM, 0)) != -1) {
  +		/* 
  +		* Send "found" message to the "/dev/log" path
  +		*/
  +		SyslogAddr.sun_family = AF_UNIX;
  +		(void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
  +			sizeof(SyslogAddr.sun_path) - 1);
  +		SyslogAddr.sun_path[sizeof(SyslogAddr.sun_path) - 1] = '\0';
  +		sendto(LogFile, buf, len, 0, (struct sockaddr *)&SyslogAddr,
  +			sizeof(SyslogAddr));
  +	}
  +
  +	/* Make sure the default handler is associated with SIGABRT */
  +	struct sigaction sa;
  +
  +	memset(&sa, 0, sizeof(struct sigaction));
  +	sigfillset(&sa.sa_mask);    /* Block all signals */
  +	sa.sa_flags = 0;
  +	sa.sa_handler = SIG_DFL;
  +	sigaction(SIGABRT, &sa, NULL);
  +
  +	(void)kill(getpid(), SIGABRT);
  +
  +	_exit(127);
  +}
  +
  
  
  



More information about the patches mailing list