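# glibc recipe: pulls in the shared glibc include files, records which CVE
# reports are deliberately suppressed, lists the source and the local patch
# stack, sets the configure options (including the hardening switches) and
# overrides do_configure/do_compile.
#
# Each statement is on its own line here. When the recipe is collapsed onto
# long lines, the first '#' turns the rest of the line into a comment and
# swallows the assignments that follow it.
require glibc.inc
require glibc-version.inc

# NOTE(review): no rationale is recorded for suppressing these two entries.
# Confirm that the pinned glibc revision already contains the fixes and note
# that here, so the suppression can be re-checked when the version changes.
CVE_CHECK_IGNORE += "CVE-2020-10029 CVE-2021-27645"

# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
# Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
# "this is being treated as a non-security bug and no real threat."
CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"

# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
# easier access for another. "ASLR bypass itself is not a vulnerability."
# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
# This entry only removes the CVE from the scan report; the library is built
# without the potential patch, so the behaviour described above remains.
CVE_CHECK_IGNORE += "CVE-2019-1010025"

DEPENDS += "gperf-native bison-native"

# Extra patches applied only for the nativesdk variant of the recipe; the
# default is empty so target builds do not pick them up.
NATIVESDKFIXES ?= ""
NATIVESDKFIXES:class-nativesdk = "\
           file://0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch \
           file://0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
           file://0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
           file://0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
           file://0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch \
           file://0008-nativesdk-glibc-Fall-back-to-faccessat-on-faccess2-r.patch \
"

# Source checkout plus the local patch stack. The last entry is a security
# backport whose file name carries the CVE id it addresses.
# NOTE(review): numbers 0015 and 0020 are absent from the series; presumably
# those patches were dropped at an earlier rebase -- confirm.
SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://etc/ld.so.conf \
           file://generate-supported.mk \
           file://makedbs.sh \
           \
           ${NATIVESDKFIXES} \
           file://0009-yes-within-the-path-sets-wrong-config-variables.patch \
           file://0010-eglibc-Cross-building-and-testing-instructions.patch \
           file://0011-eglibc-Help-bootstrap-cross-toolchain.patch \
           file://0012-eglibc-Resolve-__fpscr_values-on-SH4.patch \
           file://0013-eglibc-Forward-port-cross-locale-generation-support.patch \
           file://0014-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \
           file://0016-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
           file://0017-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \
           file://0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \
           file://0019-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
           file://0021-Replace-echo-with-printf-builtin-in-nscd-init-script.patch \
           file://0022-sysdeps-gnu-configure.ac-Set-libc_cv_rootsbindir-onl.patch \
           file://0023-timezone-Make-shell-interpreter-overridable-in-tzsel.patch \
           file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
           \
           file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
           file://CVE-2023-0687.patch \
           "
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"

PACKAGES_DYNAMIC = ""

# the -isystem in bitbake.conf screws up glibc do_stage
BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir}"

GLIBC_BROKEN_LOCALES = ""

GLIBCPIE ??= ""

# Configure options. The security-relevant ones:
#   --enable-bind-now                 installed glibc programs and shared
#                                     objects are linked without lazy binding
#   --enable-stack-protector=strong   glibc itself is compiled with the
#                                     "strong" stack protector level
#   --enable-tunables                 run-time tunables support is compiled in
#   --disable-crypt                   libcrypt is not built by this recipe
#                                     (presumably provided by another recipe)
#   --without-selinux                 no SELinux support is compiled in
# --disable-werror is added only when SELECTED_OPTIMIZATION contains -O0 or -Og.
EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
                --disable-profile \
                --disable-debug --without-gd \
                --enable-clocale=gnu \
                --with-headers=${STAGING_INCDIR} \
                --without-selinux \
                --enable-tunables \
                --enable-bind-now \
                --enable-stack-protector=strong \
                --disable-crypt \
                --with-default-link \
                ${@bb.utils.contains_any('SELECTED_OPTIMIZATION', '-O0 -Og', '--disable-werror', '', d)} \
                ${GLIBCPIE} \
                ${GLIBC_EXTRA_OECONF}"

EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"

# Intel CET support: always on for x86-64; on 32-bit x86 it is switched off
# when TUNE_FEATURES contains i586 or c3 and on otherwise.
EXTRA_OECONF:append:x86 = " ${@bb.utils.contains_any('TUNE_FEATURES', 'i586 c3', '--disable-cet', '--enable-cet', d)}"
EXTRA_OECONF:append:x86-64 = " --enable-cet"

# nscd and memory tagging are both enabled unless a distro or layer overrides
# PACKAGECONFIG; each entry maps to its enable/disable configure switch.
PACKAGECONFIG ??= "nscd memory-tagging"
PACKAGECONFIG[nscd] = "--enable-nscd,--disable-nscd"
PACKAGECONFIG[memory-tagging] = "--enable-memory-tagging,--disable-memory-tagging"

# Appended to the (Python) do_patch task: once the patch stack is applied,
# run the shell function below.
do_patch:append() {
    bb.build.exec_func('do_fix_readlib_c', d)
}

# Replace the OECORE_KNOWN_INTERPRETER_NAMES placeholder in elf/readlib.c with
# the value of EGLIBC_KNOWN_INTERPRETER_NAMES (the placeholder presumably comes
# from patch 0017 in SRC_URI).
# NOTE(review): the value is spliced into the sed expression unescaped, so a
# '#' or '&' in it would change the substitution; confirm it is only ever a
# fixed list set by the layer.
do_fix_readlib_c () {
	sed -i -e 's#OECORE_KNOWN_INTERPRETER_NAMES#${EGLIBC_KNOWN_INTERPRETER_NAMES}#' ${S}/elf/readlib.c
}

do_configure () {
# override this function to avoid the autoconf/automake/aclocal/autoheader
# calls for now
# don't pass CPPFLAGS into configure, since it upsets the kernel-headers
# version check and doesn't really help with anything
	(cd ${S} && gnu-configize) || die "failure in running gnu-configize"
	# -exec instead of a pipe into xargs: paths containing whitespace are
	# passed to touch intact, and touch is not run when nothing matches.
	find ${S} -name "configure" -exec touch {} +
	CPPFLAGS="" oe_runconf
}

# Link with the BFD linker regardless of the toolchain's default linker.
LDFLAGS += "-fuse-ld=bfd"
# Build as usual, then, if the recipe supplies an RTLDLIST, rewrite the
# RTLDLIST= line of the generated elf/ldd script so that it holds the union of
# the generated entries and the recipe's entries.
do_compile () {
	base_do_compile
	echo "Adjust ldd script"
	if [ -n "${RTLDLIST}" ]
	then
		# value of the RTLDLIST= line as generated by the build, quotes stripped
		prevrtld=`cat ${B}/elf/ldd | grep "^RTLDLIST=" | sed 's#^RTLDLIST="\?\([^"]*\)"\?$#\1#'`
		# remove duplicate entries
		newrtld=`echo $(printf '%s\n' ${prevrtld} ${RTLDLIST} | LC_ALL=C sort -u)`
		echo "ldd \"${prevrtld} ${RTLDLIST}\" -> \"${newrtld}\""
		sed -i ${B}/elf/ldd -e "s#^RTLDLIST=.*\$#RTLDLIST=\"${newrtld}\"#"
	fi
}

require glibc-package.inc

BBCLASSEXTEND = "nativesdk"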