commit: 9fe8087634d878eeed259019bf6f3eb19ef209b8
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache <DOT> Org>
AuthorDate: Wed Jun 14 14:31:44 2017 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri Jun 16 08:23:34 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fe80876
toolchain-glibc.eclass: Build most of >=sys-libs/glibc-2.25 with
-fstack-protector-all (bug #609048).
configure accepts --enable-stack-protector=... option which results
in build system passing appropriate -fstack-protector... option
when possible.
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
eclass/toolchain-glibc.eclass | 17 ++++++++++++++---
sys-libs/glibc/glibc-2.25-r1.ebuild | 5 -----
sys-libs/glibc/glibc-9999.ebuild | 5 -----
3 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass
index ef9d91acaed..eba829cd2f6 100644
--- a/eclass/toolchain-glibc.eclass
+++ b/eclass/toolchain-glibc.eclass
@@ -254,7 +254,7 @@ setup_flags() {
# this flag for us, so no need to do it manually.
version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE
- # building glibc with SSP is fraught with difficulty, especially
+ # building glibc <2.25 with SSP is fraught with difficulty, especially
# due to __stack_chk_fail_local which would mean significant changes
# to the glibc build process. See bug #94325 #293721
# Note we have to handle both user-given CFLAGS and gcc defaults via
@@ -262,7 +262,9 @@ setup_flags() {
# added before user flags, and we can't just filter-flags because
# _filter_hardened doesn't support globs.
filter-flags -fstack-protector*
- gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector)
+ if ! version_is_at_least 2.25 ; then
+ tc-enables-ssp && append-flags $(test-flags
-fno-stack-protector)
+ fi
if use hardened && gcc-specs-pie ; then
# Force PIC macro definition for all compilations since they're
all
@@ -783,6 +785,10 @@ glibc_do_configure() {
myconf+=( --enable-old-ssp-compat )
fi
+ if version_is_at_least 2.25 ; then
+ myconf+=( --enable-stack-protector=all )
+ fi
+
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
if [[ $1 == "linuxthreads" ]] ; then
@@ -941,7 +947,7 @@ toolchain-glibc_headers_configure() {
libc_cv_mlong_double_128ibm=yes
libc_cv_ppc_machine=yes
libc_cv_ppc_rel16=yes
- libc_cv_predef_{fortify_source,stack_protector}=no
+ libc_cv_predef_fortify_source=no
libc_cv_visibility_attribute=yes
libc_cv_z_combreloc=yes
libc_cv_z_execstack=yes
@@ -955,6 +961,11 @@ toolchain-glibc_headers_configure() {
ac_cv_lib_audit_audit_log_user_avc_message=no
ac_cv_lib_cap_cap_init=no
)
+ if ! version_is_at_least 2.25 ; then
+ vars+=(
+ libc_cv_predef_stack_protector=no
+ )
+ fi
einfo "Forcing cached settings:"
for v in "${vars[@]}" ; do
einfo " ${v}"
diff --git a/sys-libs/glibc/glibc-2.25-r1.ebuild
b/sys-libs/glibc/glibc-2.25-r1.ebuild
index f8e505dcec9..5850d7d32c4 100644
--- a/sys-libs/glibc/glibc-2.25-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.25-r1.ebuild
@@ -137,11 +137,6 @@ src_prepare() {
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c
= -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
-
- # Build various bits with ssp-all
- sed -i \
- -e 's:-fstack-protector$:-fstack-protector-all:' \
- */Makefile || die
fi
case $(gcc-fullversion) in
diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index 950b62b89ac..4b4945c04f7 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -135,10 +135,5 @@ src_prepare() {
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c
= -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
-
- # Build various bits with ssp-all
- sed -i \
- -e 's:-fstack-protector$:-fstack-protector-all:' \
- */Makefile || die
fi
}
