From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Fri, 3 Apr 2020 22:37:33 +0000 (+0100)
Subject: sys-libs/glibc: switch -fstack-protector-all to -strong, bug #712356
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=93ceed55cd26146919435836599a90e17a5dddba;p=gentoo.git

sys-libs/glibc: switch -fstack-protector-all to -strong, bug #712356

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
---

diff --git a/sys-libs/glibc/glibc-2.29-r8.ebuild b/sys-libs/glibc/glibc-2.29-r8.ebuild
index c869cce61d55..c95d7016c40f 100644
--- a/sys-libs/glibc/glibc-2.29-r8.ebuild
+++ b/sys-libs/glibc/glibc-2.29-r8.ebuild
@@ -812,7 +812,11 @@ glibc_do_configure() {
 			myconf+=( --enable-stack-protector=no )
 			;;
 		*)
-			myconf+=( --enable-stack-protector=$(usex ssp all no) )
+			# Use '=strong' instead of '=all' to protect only functions
+			# worth protecting from stack smashes.
+			# '=all' is also known to have a problem in IFUNC resolution
+			# tests: https://sourceware.org/PR25680, bug #712356.
+			myconf+=( --enable-stack-protector=$(usex ssp strong no) )
 			;;
 	esac
 	myconf+=( --enable-stackguard-randomization )