diff options
author | Sam James <sam@gentoo.org> | 2022-02-07 02:43:09 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2022-02-07 02:45:29 +0000 |
commit | f58ea78c13b6078eade21a0de13e032e9ef49854 (patch) | |
tree | e85c9ec80f0f584e86175eb19ffefb58f2cb9efc | |
parent | sec-policy: Release of SELinux policies 2.20220106-r1 (diff) | |
download | gentoo-f58ea78c13b6078eade21a0de13e032e9ef49854.tar.gz gentoo-f58ea78c13b6078eade21a0de13e032e9ef49854.tar.bz2 gentoo-f58ea78c13b6078eade21a0de13e032e9ef49854.zip |
sys-libs/glibc: re-enable SSP for m68k; drop obsolete option in 2.35/9999
- Re-enable SSP for m68k (it works now!) [0]
- Drop no-op/obsolete/removed '--enable-stackguard-randomization' [1]
But defer a decision on whether to make USE=ssp continue to
mean -fstack-protector-strong or change to -fstack-protector-all now that
test failure issues have veen fixed.
[0] https://sourceware.org/PR24202
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=f294306ba1385b096f4e4cac9146a989f1e6d1c0
Bug: https://bugs.gentoo.org/832738
Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r-- | sys-libs/glibc/glibc-2.35.ebuild | 18 | ||||
-rw-r--r-- | sys-libs/glibc/glibc-9999.ebuild | 24 |
2 files changed, 9 insertions, 33 deletions
diff --git a/sys-libs/glibc/glibc-2.35.ebuild b/sys-libs/glibc/glibc-2.35.ebuild index 3365dded67ed..39ebc6f3a02b 100644 --- a/sys-libs/glibc/glibc-2.35.ebuild +++ b/sys-libs/glibc/glibc-2.35.ebuild @@ -898,21 +898,9 @@ glibc_do_configure() { echo local myconf=() - case ${CTARGET} in - m68k*) - # setjmp() is not compatible with stack protection: - # https://sourceware.org/PR24202 - myconf+=( --enable-stack-protector=no ) - ;; - *) - # Use '=strong' instead of '=all' to protect only functions - # worth protecting from stack smashes. - # '=all' is also known to have a problem in IFUNC resolution - # tests: https://sourceware.org/PR25680, bug #712356. - myconf+=( --enable-stack-protector=$(usex ssp strong no) ) - ;; - esac - myconf+=( --enable-stackguard-randomization ) + # Use '=strong' instead of '=all' to protect only functions + # worth protecting from stack smashes. + myconf+=( --enable-stack-protector=$(usex ssp strong no) ) # Keep a whitelist of targets supporing IFUNC. glibc's ./configure # is not robust enough to detect proper support: diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild index b97550bf18f0..39ebc6f3a02b 100644 --- a/sys-libs/glibc/glibc-9999.ebuild +++ b/sys-libs/glibc/glibc-9999.ebuild @@ -23,7 +23,7 @@ SLOT="2.2" EMULTILIB_PKG="true" # Gentoo patchset (ignored for live ebuilds) -PATCH_VER=2 +PATCH_VER=1 PATCH_DEV=dilfridge if [[ ${PV} == 9999* ]]; then @@ -148,13 +148,13 @@ RESTRICT="!test? ( test )" if [[ ${CATEGORY} == cross-* ]] ; then BDEPEND+=" !headers-only? ( >=${CATEGORY}/binutils-2.27 - >=${CATEGORY}/gcc-6 + >=${CATEGORY}/gcc-6.2 )" [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" else BDEPEND+=" >=sys-devel/binutils-2.27 - >=sys-devel/gcc-6 + >=sys-devel/gcc-6.2 " DEPEND+=" virtual/os-headers " RDEPEND+=" @@ -898,21 +898,9 @@ glibc_do_configure() { echo local myconf=() - case ${CTARGET} in - m68k*) - # setjmp() is not compatible with stack protection: - # https://sourceware.org/PR24202 - myconf+=( --enable-stack-protector=no ) - ;; - *) - # Use '=strong' instead of '=all' to protect only functions - # worth protecting from stack smashes. - # '=all' is also known to have a problem in IFUNC resolution - # tests: https://sourceware.org/PR25680, bug #712356. - myconf+=( --enable-stack-protector=$(usex ssp strong no) ) - ;; - esac - myconf+=( --enable-stackguard-randomization ) + # Use '=strong' instead of '=all' to protect only functions + # worth protecting from stack smashes. + myconf+=( --enable-stack-protector=$(usex ssp strong no) ) # Keep a whitelist of targets supporing IFUNC. glibc's ./configure # is not robust enough to detect proper support: |