Summary: | sys-libs/glibc: Revisit --enable-stack-protector value | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Arfrever Frehtes Taifersar Arahesis <arfrever.fta> |
Component: | Current packages | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | gentoo, m68k, om, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=609048 https://bugs.gentoo.org/show_bug.cgi?id=712356 https://sourceware.org/bugzilla/show_bug.cgi?id=24202 https://sourceware.org/bugzilla/show_bug.cgi?id=25680 https://bugs.gentoo.org/show_bug.cgi?id=817836 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Arfrever Frehtes Taifersar Arahesis
2022-02-05 07:12:09 UTC
Oh cool, thanks for spotting that. I initially found the m68k bug, but I hadn't realised that slyfox had worked around it like this. I'll try changing it to "all" on m68k and see how it goes with some keywording/testing etc.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f58ea78c13b6078eade21a0de13e032e9ef49854

```
commit f58ea78c13b6078eade21a0de13e032e9ef49854
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-07 02:43:09 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-07 02:45:29 +0000

    sys-libs/glibc: re-enable SSP for m68k; drop obsolete option in 2.35/9999

    - Re-enable SSP for m68k (it works now!) [0]
    - Drop no-op/obsolete/removed '--enable-stackguard-randomization' [1]

    But defer a decision on whether to make USE=ssp continue to mean
    -fstack-protector-strong or change to -fstack-protector-all now
    that test failure issues have been fixed.

    [0] https://sourceware.org/PR24202
    [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=f294306ba1385b096f4e4cac9146a989f1e6d1c0

    Bug: https://bugs.gentoo.org/832738
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.35.ebuild | 18 +++---------------
 sys-libs/glibc/glibc-9999.ebuild | 24 ++++++------------------
 2 files changed, 9 insertions(+), 33 deletions(-)
```

GCC can be configured with -DDEFAULT_FLAG_SSP=2 to use -fstack-protector-all by default.

- -DDEFAULT_FLAG_SSP=1 makes -fstack-protector default
- -DDEFAULT_FLAG_SSP=2 makes -fstack-protector-all default
- -DDEFAULT_FLAG_SSP=3 makes -fstack-protector-strong default
- -DDEFAULT_FLAG_SSP=4 makes -fstack-protector-explicit default

Also users can add e.g. -fstack-protector-all explicitly to CFLAGS.
Currently used value can be queried from compiler:

```
$ gcc -E -P -dM - < /dev/null | grep SSP
#define __SSP_ALL__ 2
$ gcc -fstack-protector-all -E -P -dM - < /dev/null | grep SSP
#define __SSP_ALL__ 2
$ gcc -fstack-protector-strong -E -P -dM - < /dev/null | grep SSP
#define __SSP_STRONG__ 3
$ gcc -fstack-protector -E -P -dM - < /dev/null | grep SSP
#define __SSP__ 1
$ gcc -fstack-protector-explicit -E -P -dM - < /dev/null | grep SSP
#define __SSP_EXPLICIT__ 4
```

If there is desire to use --enable-stack-protector=strong for these users who do not enable -fstack-protector-all, then ebuilds can query compiler ($(tc-getCC) ${CPPFLAGS} ${CFLAGS}) and use --enable-stack-protector=all only when __SSP_ALL__ is defined.
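The compiler query proposed in the last comment, written out as an added example; it is not code from the bug report or from the Gentoo ebuild. The function names `ssp_value_from_macros` and `ssp_configure_arg` are hypothetical, and the sample macro dumps are constructed from the outputs quoted above.

```shell
#!/bin/sh
# Added example: pick glibc's --enable-stack-protector value from the
# SSP macros the compiler predefines for the user's flags.

# Read a `cc -E -P -dM` macro dump on stdin. Print "all" only when
# __SSP_ALL__ is defined, otherwise "strong", as proposed in the bug.
ssp_value_from_macros() {
    # Anchor on the full macro name so __SSP__, __SSP_STRONG__ and
    # __SSP_EXPLICIT__ never count as a match.
    if grep -Eq '^#define[[:space:]]+__SSP_ALL__([[:space:]]|$)'; then
        echo all
    else
        echo strong
    fi
}

# Hypothetical helper: $1 is the compiler, the remaining arguments are
# the flags an ebuild would pass ($(tc-getCC) ${CPPFLAGS} ${CFLAGS}).
ssp_configure_arg() {
    cc=$1
    shift
    # A failing or missing compiler yields an empty dump, which falls
    # back to "strong" rather than aborting the build.
    macros=$("$cc" "$@" -E -P -dM - </dev/null 2>/dev/null) || macros=
    value=$(printf '%s\n' "$macros" | ssp_value_from_macros)
    printf '%s\n' "--enable-stack-protector=$value"
}

# Constructed macro dumps mirroring the outputs quoted in the comment.
printf '#define __SSP_ALL__ 2\n'    | ssp_value_from_macros   # all
printf '#define __SSP_STRONG__ 3\n' | ssp_value_from_macros   # strong
```

Called as `ssp_configure_arg gcc $CPPFLAGS $CFLAGS`, it prints the single configure argument to pass on.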