618156 – dev-libs/skalibs and friends unneccessarily disable -fstack-protector

Bug 618156 - dev-libs/skalibs and friends unneccessarily disable -fstack-protector

Summary: dev-libs/skalibs and friends unneccessarily disable -fstack-protector

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Mira Ressel

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-05-10 22:40 UTC by Mira Ressel
Modified:	2017-11-15 21:17 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mira Ressel 2017-05-10 22:40:06 UTC

I just discovered that all skarnet packages explicitly disable -fstack-protector in their configure script. I've talked to Laurent and he confirmed he's not doing this to avoid any bugs, but just because it saves space and runtime and he doesn't consider the feature important.

Given that Hardened Gentoo (and AFAIK, nowadays even "normal" Gentoo) enable -fstack-protector-strong in the gcc spec files and only disable it for packages which break otherwise, we might want to re-enable this flag.

What do you think? I presume the best way would be to delete the line in question from the configure script using sed.

Comment 1 Mira Ressel 2017-05-21 15:07:27 UTC

Since Samuel agreed with me regarding the sed solution, I'm including it in the bumps im about to submit.

There weren't new releases of s6-dns and s6-linux-init today, though, so I'm not changing those two ebuilds.