Gentoo Archives: gentoo-commits

From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/
Date: Fri, 17 Mar 2023 02:37:16
Message-Id: 1679020553.0b7eace724b0035856311008c95cc7fe18b8231b.sam@gentoo
1 commit: 0b7eace724b0035856311008c95cc7fe18b8231b
2 Author: Krzesimir Nowak <knowak <AT> microsoft <DOT> com>
3 AuthorDate: Fri Mar 17 02:34:21 2023 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Fri Mar 17 02:35:53 2023 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b7eace7
7
8 sys-libs/glibc: disable CET explicitly if USE=-cet
9
10 When bootstrapping, we may have a situation where CET-enabled gcc from seed is
11 used to build CET-disabled glibc. As such, gcc implicitly enables CET if no
12 -fcf-protection flag is passed. For a typical package it should not be a problem,
13 but for glibc it matters as it is dealing with CET in ld.so. So if CET is supposed to be
14 disabled for glibc, be explicit about it.
15
16 [sam: cherry-picked from Flatcar at https://github.com/flatcar/coreos-overlay/commit/f4b92a6de9fcf506b30f1c6156b27c0e3d25438e]
17
18 Bug: https://bugs.gentoo.org/830454
19 Closes: https://bugs.gentoo.org/901363
20 Signed-off-by: Sam James <sam <AT> gentoo.org>
21
22 sys-libs/glibc/glibc-2.36-r7.ebuild | 13 ++++++++++++-
23 sys-libs/glibc/glibc-2.37-r1.ebuild | 13 ++++++++++++-
24 sys-libs/glibc/glibc-9999.ebuild | 13 ++++++++++++-
25 3 files changed, 36 insertions(+), 3 deletions(-)
26
27 diff --git a/sys-libs/glibc/glibc-2.36-r7.ebuild b/sys-libs/glibc/glibc-2.36-r7.ebuild
28 index 8bb3e20062b4..28002f738a95 100644
29 --- a/sys-libs/glibc/glibc-2.36-r7.ebuild
30 +++ b/sys-libs/glibc/glibc-2.36-r7.ebuild
31 @@ -472,7 +472,18 @@ setup_flags() {
32 filter-flags '-fsanitize=*'
33
34 # See end of bug #830454; we handle this via USE=cet
35 - filter-flags '-fcf-protection='
36 + filter-flags '-fcf-protection=*'
37 +
38 + # When bootstrapping, we may have a situation where
39 + # CET-enabled gcc from seed is used to build CET-disabled
40 + # glibc. As such, gcc implicitly enables CET if no
41 + # -fcf-protection flag is passed. For a typical package it
42 + # should not be a problem, but for glibc it matters as it is
43 + # dealing with CET in ld.so. So if CET is supposed to be
44 + # disabled for glibc, be explicit about it.
45 + if (use amd64 || use x86) && ! use cet; then
46 + append-flags '-fcf-protection=none'
47 + fi
48 }
49
50 use_multiarch() {
51
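Review bot: The `filter-flags` line in this hunk changes the pattern from `'-fcf-protection='` to `'-fcf-protection=*'`, and the commit message does not mention it. The old pattern has no wildcard, so a user-supplied value such as `-fcf-protection=full` would not have matched it; that makes this a behaviour change of its own, separate from the new `append-flags '-fcf-protection=none'`. Please note the pattern fix in the commit message so it can be found from the log.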
52 diff --git a/sys-libs/glibc/glibc-2.37-r1.ebuild b/sys-libs/glibc/glibc-2.37-r1.ebuild
53 index 55b5a05c1ef8..4b041ecc1f7e 100644
54 --- a/sys-libs/glibc/glibc-2.37-r1.ebuild
55 +++ b/sys-libs/glibc/glibc-2.37-r1.ebuild
56 @@ -472,7 +472,18 @@ setup_flags() {
57 filter-flags '-fsanitize=*'
58
59 # See end of bug #830454; we handle this via USE=cet
60 - filter-flags '-fcf-protection='
61 + filter-flags '-fcf-protection=*'
62 +
63 + # When bootstrapping, we may have a situation where
64 + # CET-enabled gcc from seed is used to build CET-disabled
65 + # glibc. As such, gcc implicitly enables CET if no
66 + # -fcf-protection flag is passed. For a typical package it
67 + # should not be a problem, but for glibc it matters as it is
68 + # dealing with CET in ld.so. So if CET is supposed to be
69 + # disabled for glibc, be explicit about it.
70 + if (use amd64 || use x86) && ! use cet; then
71 + append-flags '-fcf-protection=none'
72 + fi
73 }
74
75 use_multiarch() {
76
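Review bot: The pattern on the `filter-flags '-fcf-protection=*'` line requires the `=`, so the bare `-fcf-protection` spelling (which GCC treats as `-fcf-protection=full`) in user flags is not filtered. With USE=-cet the appended `-fcf-protection=none` comes later on the command line and should override it, but with USE=cet the user's flag passes through untouched, which does not match the "we handle this via USE=cet" comment above it. Consider filtering the bare `-fcf-protection` form as well.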
77 diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
78 index df348d783cb1..f5ec71d81a7b 100644
79 --- a/sys-libs/glibc/glibc-9999.ebuild
80 +++ b/sys-libs/glibc/glibc-9999.ebuild
81 @@ -472,7 +472,18 @@ setup_flags() {
82 filter-flags '-fsanitize=*'
83
84 # See end of bug #830454; we handle this via USE=cet
85 - filter-flags '-fcf-protection='
86 + filter-flags '-fcf-protection=*'
87 +
88 + # When bootstrapping, we may have a situation where
89 + # CET-enabled gcc from seed is used to build CET-disabled
90 + # glibc. As such, gcc implicitly enables CET if no
91 + # -fcf-protection flag is passed. For a typical package it
92 + # should not be a problem, but for glibc it matters as it is
93 + # dealing with CET in ld.so. So if CET is supposed to be
94 + # disabled for glibc, be explicit about it.
95 + if (use amd64 || use x86) && ! use cet; then
96 + append-flags '-fcf-protection=none'
97 + fi
98 }
99
100 use_multiarch() {
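Review bot: The guard `(use amd64 || use x86) && ! use cet` runs the arch test in a subshell; `{ use amd64 || use x86; } && ! use cet` gives the same result without the fork. The added comment explains why CET is disabled explicitly but not why the append is limited to amd64 and x86; one line saying that `-fcf-protection` is only implemented for x86 targets would save the next reader the lookup. The same block is now copied into three ebuilds (2.36-r7, 2.37-r1, 9999), so any follow-up has to be applied to each.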