| Summary: | sys-libs/glibc: Revisit --enable-stack-protector value | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Arfrever Frehtes Taifersar Arahesis <arfrever.fta> |
| Component: | Current packages | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | gentoo, m68k, om, sam |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=609048 https://bugs.gentoo.org/show_bug.cgi?id=712356 https://sourceware.org/bugzilla/show_bug.cgi?id=24202 https://sourceware.org/bugzilla/show_bug.cgi?id=25680 https://bugs.gentoo.org/show_bug.cgi?id=817836 |
||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Arfrever Frehtes Taifersar Arahesis
2022-02-05 07:12:09 UTC
Oh cool, thanks for spotting that. I initially found the m68k bug, but I hadn't realised that slyfox had worked around it like this. I'll try changing it to "all" on m68k and see how it goes with some keywording/testing etc. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f58ea78c13b6078eade21a0de13e032e9ef49854 commit f58ea78c13b6078eade21a0de13e032e9ef49854 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-07 02:43:09 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-07 02:45:29 +0000 sys-libs/glibc: re-enable SSP for m68k; drop obsolete option in 2.35/9999 - Re-enable SSP for m68k (it works now!) [0] - Drop no-op/obsolete/removed '--enable-stackguard-randomization' [1] But defer a decision on whether to make USE=ssp continue to mean -fstack-protector-strong or change to -fstack-protector-all now that test failure issues have veen fixed. [0] https://sourceware.org/PR24202 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=f294306ba1385b096f4e4cac9146a989f1e6d1c0 Bug: https://bugs.gentoo.org/832738 Signed-off-by: Sam James <sam@gentoo.org> sys-libs/glibc/glibc-2.35.ebuild | 18 +++--------------- sys-libs/glibc/glibc-9999.ebuild | 24 ++++++------------------ 2 files changed, 9 insertions(+), 33 deletions(-) GCC can be configured with -DDEFAULT_FLAG_SSP=2 to use -fstack-protector-all by default.
-DDEFAULT_FLAG_SSP=1 makes -fstack-protector default
-DDEFAULT_FLAG_SSP=2 makes -fstack-protector-all default
-DDEFAULT_FLAG_SSP=3 makes -fstack-protector-strong default
-DDEFAULT_FLAG_SSP=4 makes -fstack-protector-explicit default
Also users can add e.g. -fstack-protector-all explicitly to CFLAGS.
Currently used value can be queried from compiler:
$ gcc -E -P -dM - < /dev/null | grep SSP
#define __SSP_ALL__ 2
$ gcc -fstack-protector-all -E -P -dM - < /dev/null | grep SSP
#define __SSP_ALL__ 2
$ gcc -fstack-protector-strong -E -P -dM - < /dev/null | grep SSP
#define __SSP_STRONG__ 3
$ gcc -fstack-protector -E -P -dM - < /dev/null | grep SSP
#define __SSP__ 1
$ gcc -fstack-protector-explicit -E -P -dM - < /dev/null | grep SSP
#define __SSP_EXPLICIT__ 4
If there is desire to use --enable-stack-protector=strong for these users who do not enable -fstack-protector-all, then ebuilds can query compiler ($(tc-getCC) ${CPPFLAGS} ${CFLAGS}) and use --enable-stack-protector=all only when __SSP_ALL__ is defined.
|
