From 551958422d949b8e43393b6c9c00a2ce7c4cc4c6 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 15 Mar 2020 15:17:09 +0000 Subject: [PATCH] sys-libs/glibc: switch -fstack-protector-all to -strong, bug #712356 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --enable-stack-protector=all adds protection to functions that don't have a chance to corrupt stack. On top of that glibc's own tests fail on static IFUNC resolver. Let's use -fstack-protector-strong which matches Gentoo's gcc default. Should fix at least the following test failures: FAIL: elf/ifuncmain9picstatic FAIL: elf/ifuncmain9static Reported-by: Toralf Förster Bug: https://bugs.gentoo.org/712356 Bug: https://sourceware.org/PR25680 Package-Manager: Portage-2.3.94, Repoman-2.3.20 Signed-off-by: Sergei Trofimovich --- sys-libs/glibc/glibc-2.31-r1.ebuild | 6 +++++- sys-libs/glibc/glibc-9999.ebuild | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/sys-libs/glibc/glibc-2.31-r1.ebuild b/sys-libs/glibc/glibc-2.31-r1.ebuild index d303115a4a6d..00feda902bda 100644 --- a/sys-libs/glibc/glibc-2.31-r1.ebuild +++ b/sys-libs/glibc/glibc-2.31-r1.ebuild @@ -870,7 +870,11 @@ glibc_do_configure() { myconf+=( --enable-stack-protector=no ) ;; *) - myconf+=( --enable-stack-protector=$(usex ssp all no) ) + # Use '=strong' instead of '=all' to protect only functions + # worth protecting from stack smashes. + # '=all' is also known to have a problem in IFUNC resolution + # tests: https://sourceware.org/PR25680, bug #712356. + myconf+=( --enable-stack-protector=$(usex ssp strong no) ) ;; esac myconf+=( --enable-stackguard-randomization ) diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild index 229af08f2ca8..b77e0177feb2 100644 --- a/sys-libs/glibc/glibc-9999.ebuild +++ b/sys-libs/glibc/glibc-9999.ebuild @@ -869,7 +869,11 @@ glibc_do_configure() { myconf+=( --enable-stack-protector=no ) ;; *) - myconf+=( --enable-stack-protector=$(usex ssp all no) ) + # Use '=strong' instead of '=all' to protect only functions + # worth protecting from stack smashes. + # '=all' is also known to have a problem in IFUNC resolution + # tests: https://sourceware.org/PR25680, bug #712356. + myconf+=( --enable-stack-protector=$(usex ssp strong no) ) ;; esac myconf+=( --enable-stackguard-randomization ) -- 2.26.2