commit:     256df48ff6e85ffa389cc2d25453d100279b62fe
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  7 19:51:59 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Apr  7 19:51:59 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=256df48f

sys-libs/glibc: filter -fcf-protection

Set USE=cet if you want this. glibc can't be built with this *everywhere*,
and the configure option (controlled by USE=cet) sets it for the components
for which it works.

It's just like SSP and PIE. You can't force it on all of glibc, and we have
mechanisms to do it properly (USE=cet).

Closes: https://bugs.gentoo.org/830454
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-libs/glibc/glibc-2.34-r11.ebuild | 3 +++
 sys-libs/glibc/glibc-2.35-r2.ebuild  | 3 +++
 sys-libs/glibc/glibc-9999.ebuild     | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/sys-libs/glibc/glibc-2.34-r11.ebuild 
b/sys-libs/glibc/glibc-2.34-r11.ebuild
index ff5bd4304774..3cf633bea543 100644
--- a/sys-libs/glibc/glibc-2.34-r11.ebuild
+++ b/sys-libs/glibc/glibc-2.34-r11.ebuild
@@ -440,6 +440,9 @@ setup_flags() {
        replace-flags -O0 -O1
 
        filter-flags '-fstack-protector*'
+
+       # See end of bug #830454; we handle this via USE=cet
+       filter-flags '-fcf-protection='
 }
 
 use_multiarch() {

diff --git a/sys-libs/glibc/glibc-2.35-r2.ebuild 
b/sys-libs/glibc/glibc-2.35-r2.ebuild
index 6a0d35ce8ad5..22e2d5153f19 100644
--- a/sys-libs/glibc/glibc-2.35-r2.ebuild
+++ b/sys-libs/glibc/glibc-2.35-r2.ebuild
@@ -429,6 +429,9 @@ setup_flags() {
        replace-flags -O0 -O1
 
        filter-flags '-fstack-protector*'
+
+       # See end of bug #830454; we handle this via USE=cet
+       filter-flags '-fcf-protection='
 }
 
 use_multiarch() {

diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index 2483aefe5d6a..94842d8172b7 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -430,6 +430,9 @@ setup_flags() {
        replace-flags -O0 -O1
 
        filter-flags '-fstack-protector*'
+
+       # See end of bug #830454; we handle this via USE=cet
+       filter-flags '-fcf-protection='
 }
 
 use_multiarch() {

Reply via email to