from the ebuild i noticed that any mmx/sse optimizations are disabled when PIC is enabled. from what I know in the past this did not work with gcc3. I believe any gcc4+ is capable of generating PIC asm. So my suggestion is to adjust the ebuild to check if using gcc4 first. I've tested compiling ffmpeg with this check and it builds correctly on an amd64 hardened system with mmx, mmxest, sse and ssse3 options enabled. # disable mmx accelerated code if PIC is required # as the provided asm decidedly is not PIC. if [ "$(gcc-major-version)" != "4" ]; then if gcc-specs-pie ; then myconf="${myconf} --disable-mmx --disable-mmx2" fi fi * sorry, not sure how to write a proper patch for this
(In reply to comment #0) > * sorry, not sure how to write a proper patch for this You don't have to "write" a patch. Simply use diff for creating the patch: diff -u original_file modified_file > file.patch
--- /usr/portage/media-video/ffmpeg/ffmpeg-0.5-r1.ebuild 2009-04-09 08:35:59.214576211 +1000 +++ /usr/local/portage/overlay/media-video/ffmpeg/ffmpeg-0.5-r2.ebuild 2009-04-09 08:36:24.487596728 +1000 @@ -122,8 +122,10 @@ use 3dnowext || myconf="${myconf} --disable-amd3dnowext" # disable mmx accelerated code if PIC is required # as the provided asm decidedly is not PIC. - if gcc-specs-pie ; then - myconf="${myconf} --disable-mmx --disable-mmx2" + if [ "$(gcc-major-version)" != "4" ]; then + if gcc-specs-pie ; then + myconf="${myconf} --disable-mmx --disable-mmx2" + fi fi # Try to get cpu type based on CFLAGS.
I believe the asm routines of ffmpeg are still not pic/pie (bug #179872); anyway its up to the hardened team to decide how to handle this.
*** This bug has been marked as a duplicate of bug 179872 ***