| 1 |
From: Arfrever Frehtes Taifersar Arahesis <Arfrever@××××××.Org> |
| 2 |
|
| 3 |
configure accepts --enable-stack-protector=... option which results |
| 4 |
in build system passing appropriate -fstack-protector... option |
| 5 |
when possible. |
| 6 |
|
| 7 |
Signed-off-by: Matthias Maier <tamiko@g.o> |
| 8 |
--- |
| 9 |
eclass/toolchain-glibc.eclass | 17 ++++++++++++++--- |
| 10 |
sys-libs/glibc/glibc-2.23-r3.ebuild | 5 ----- |
| 11 |
2 files changed, 14 insertions(+), 8 deletions(-) |
| 12 |
|
| 13 |
diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass |
| 14 |
index ef9d91acae..eba829cd2f 100644 |
| 15 |
--- a/eclass/toolchain-glibc.eclass |
| 16 |
+++ b/eclass/toolchain-glibc.eclass |
| 17 |
@@ -254,7 +254,7 @@ setup_flags() { |
| 18 |
# this flag for us, so no need to do it manually. |
| 19 |
version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE |
| 20 |
|
| 21 |
- # building glibc with SSP is fraught with difficulty, especially |
| 22 |
+ # building glibc <2.25 with SSP is fraught with difficulty, especially |
| 23 |
# due to __stack_chk_fail_local which would mean significant changes |
| 24 |
# to the glibc build process. See bug #94325 #293721 |
| 25 |
# Note we have to handle both user-given CFLAGS and gcc defaults via |
| 26 |
@@ -262,7 +262,9 @@ setup_flags() { |
| 27 |
# added before user flags, and we can't just filter-flags because |
| 28 |
# _filter_hardened doesn't support globs. |
| 29 |
filter-flags -fstack-protector* |
| 30 |
- gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) |
| 31 |
+ if ! version_is_at_least 2.25 ; then |
| 32 |
+ tc-enables-ssp && append-flags $(test-flags -fno-stack-protector) |
| 33 |
+ fi |
| 34 |
|
| 35 |
if use hardened && gcc-specs-pie ; then |
| 36 |
# Force PIC macro definition for all compilations since they're all |
| 37 |
@@ -783,6 +785,10 @@ glibc_do_configure() { |
| 38 |
myconf+=( --enable-old-ssp-compat ) |
| 39 |
fi |
| 40 |
|
| 41 |
+ if version_is_at_least 2.25 ; then |
| 42 |
+ myconf+=( --enable-stack-protector=all ) |
| 43 |
+ fi |
| 44 |
+ |
| 45 |
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) |
| 46 |
|
| 47 |
if [[ $1 == "linuxthreads" ]] ; then |
| 48 |
@@ -941,7 +947,7 @@ toolchain-glibc_headers_configure() { |
| 49 |
libc_cv_mlong_double_128ibm=yes |
| 50 |
libc_cv_ppc_machine=yes |
| 51 |
libc_cv_ppc_rel16=yes |
| 52 |
- libc_cv_predef_{fortify_source,stack_protector}=no |
| 53 |
+ libc_cv_predef_fortify_source=no |
| 54 |
libc_cv_visibility_attribute=yes |
| 55 |
libc_cv_z_combreloc=yes |
| 56 |
libc_cv_z_execstack=yes |
| 57 |
@@ -955,6 +961,11 @@ toolchain-glibc_headers_configure() { |
| 58 |
ac_cv_lib_audit_audit_log_user_avc_message=no |
| 59 |
ac_cv_lib_cap_cap_init=no |
| 60 |
) |
| 61 |
+ if ! version_is_at_least 2.25 ; then |
| 62 |
+ vars+=( |
| 63 |
+ libc_cv_predef_stack_protector=no |
| 64 |
+ ) |
| 65 |
+ fi |
| 66 |
einfo "Forcing cached settings:" |
| 67 |
for v in "${vars[@]}" ; do |
| 68 |
einfo " ${v}" |
| 69 |
diff --git a/sys-libs/glibc/glibc-2.23-r3.ebuild b/sys-libs/glibc/glibc-2.23-r3.ebuild |
| 70 |
index 410b3485c1..1109618f52 100644 |
| 71 |
--- a/sys-libs/glibc/glibc-2.23-r3.ebuild |
| 72 |
+++ b/sys-libs/glibc/glibc-2.23-r3.ebuild |
| 73 |
@@ -137,11 +137,6 @@ src_prepare() { |
| 74 |
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ |
| 75 |
debug/Makefile || die |
| 76 |
fi |
| 77 |
- |
| 78 |
- # Build various bits with ssp-all |
| 79 |
- sed -i \ |
| 80 |
- -e 's:-fstack-protector$:-fstack-protector-all:' \ |
| 81 |
- */Makefile || die |
| 82 |
fi |
| 83 |
|
| 84 |
case $(gcc-fullversion) in |
| 85 |
-- |
| 86 |
2.13.0 |
Archives