[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/

Sun, 15 Mar 2020 08:47:07 -0700 

commit:     551958422d949b8e43393b6c9c00a2ce7c4cc4c6
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 15 15:17:09 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Mar 15 15:46:25 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55195842

sys-libs/glibc: switch -fstack-protector-all to -strong, bug #712356

--enable-stack-protector=all adds protection to functions that don't
have a chance to corrupt stack. On top of that glibc's own tests fail
on static IFUNC resolver.

Let's use -fstack-protector-strong which matches Gentoo's gcc default.

Should fix at least the following test failures:
    FAIL: elf/ifuncmain9picstatic
    FAIL: elf/ifuncmain9static

Reported-by: Toralf Förster
Bug: https://bugs.gentoo.org/712356
Bug: https://sourceware.org/PR25680
Package-Manager: Portage-2.3.94, Repoman-2.3.20
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 sys-libs/glibc/glibc-2.31-r1.ebuild | 6 +++++-
 sys-libs/glibc/glibc-9999.ebuild    | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys-libs/glibc/glibc-2.31-r1.ebuild 
b/sys-libs/glibc/glibc-2.31-r1.ebuild
index d303115a4a6..00feda902bd 100644
--- a/sys-libs/glibc/glibc-2.31-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.31-r1.ebuild
@@ -870,7 +870,11 @@ glibc_do_configure() {
                        myconf+=( --enable-stack-protector=no )
                        ;;
                *)
-                       myconf+=( --enable-stack-protector=$(usex ssp all no) )
+                       # Use '=strong' instead of '=all' to protect only 
functions
+                       # worth protecting from stack smashes.
+                       # '=all' is also known to have a problem in IFUNC 
resolution
+                       # tests: https://sourceware.org/PR25680, bug #712356.
+                       myconf+=( --enable-stack-protector=$(usex ssp strong 
no) )
                        ;;
        esac
        myconf+=( --enable-stackguard-randomization )

diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index 229af08f2ca..b77e0177feb 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -869,7 +869,11 @@ glibc_do_configure() {
                        myconf+=( --enable-stack-protector=no )
                        ;;
                *)
-                       myconf+=( --enable-stack-protector=$(usex ssp all no) )
+                       # Use '=strong' instead of '=all' to protect only 
functions
+                       # worth protecting from stack smashes.
+                       # '=all' is also known to have a problem in IFUNC 
resolution
+                       # tests: https://sourceware.org/PR25680, bug #712356.
+                       myconf+=( --enable-stack-protector=$(usex ssp strong 
no) )
                        ;;
        esac
        myconf+=( --enable-stackguard-randomization )

Reply via email to