1 |
From: Arfrever Frehtes Taifersar Arahesis <Arfrever@××××××.Org> |
2 |
|
3 |
configure accepts --enable-stack-protector=... option which results |
4 |
in build system passing appropriate -fstack-protector... option |
5 |
when possible. |
6 |
|
7 |
Signed-off-by: Matthias Maier <tamiko@g.o> |
8 |
--- |
9 |
eclass/toolchain-glibc.eclass | 17 ++++++++++++++--- |
10 |
sys-libs/glibc/glibc-2.23-r3.ebuild | 5 ----- |
11 |
2 files changed, 14 insertions(+), 8 deletions(-) |
12 |
|
13 |
diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass |
14 |
index ef9d91acae..eba829cd2f 100644 |
15 |
--- a/eclass/toolchain-glibc.eclass |
16 |
+++ b/eclass/toolchain-glibc.eclass |
17 |
@@ -254,7 +254,7 @@ setup_flags() { |
18 |
# this flag for us, so no need to do it manually. |
19 |
version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE |
20 |
|
21 |
- # building glibc with SSP is fraught with difficulty, especially |
22 |
+ # building glibc <2.25 with SSP is fraught with difficulty, especially |
23 |
# due to __stack_chk_fail_local which would mean significant changes |
24 |
# to the glibc build process. See bug #94325 #293721 |
25 |
# Note we have to handle both user-given CFLAGS and gcc defaults via |
26 |
@@ -262,7 +262,9 @@ setup_flags() { |
27 |
# added before user flags, and we can't just filter-flags because |
28 |
# _filter_hardened doesn't support globs. |
29 |
filter-flags -fstack-protector* |
30 |
- gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) |
31 |
+ if ! version_is_at_least 2.25 ; then |
32 |
+ tc-enables-ssp && append-flags $(test-flags -fno-stack-protector) |
33 |
+ fi |
34 |
|
35 |
if use hardened && gcc-specs-pie ; then |
36 |
# Force PIC macro definition for all compilations since they're all |
37 |
@@ -783,6 +785,10 @@ glibc_do_configure() { |
38 |
myconf+=( --enable-old-ssp-compat ) |
39 |
fi |
40 |
|
41 |
+ if version_is_at_least 2.25 ; then |
42 |
+ myconf+=( --enable-stack-protector=all ) |
43 |
+ fi |
44 |
+ |
45 |
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) |
46 |
|
47 |
if [[ $1 == "linuxthreads" ]] ; then |
48 |
@@ -941,7 +947,7 @@ toolchain-glibc_headers_configure() { |
49 |
libc_cv_mlong_double_128ibm=yes |
50 |
libc_cv_ppc_machine=yes |
51 |
libc_cv_ppc_rel16=yes |
52 |
- libc_cv_predef_{fortify_source,stack_protector}=no |
53 |
+ libc_cv_predef_fortify_source=no |
54 |
libc_cv_visibility_attribute=yes |
55 |
libc_cv_z_combreloc=yes |
56 |
libc_cv_z_execstack=yes |
57 |
@@ -955,6 +961,11 @@ toolchain-glibc_headers_configure() { |
58 |
ac_cv_lib_audit_audit_log_user_avc_message=no |
59 |
ac_cv_lib_cap_cap_init=no |
60 |
) |
61 |
+ if ! version_is_at_least 2.25 ; then |
62 |
+ vars+=( |
63 |
+ libc_cv_predef_stack_protector=no |
64 |
+ ) |
65 |
+ fi |
66 |
einfo "Forcing cached settings:" |
67 |
for v in "${vars[@]}" ; do |
68 |
einfo " ${v}" |
69 |
diff --git a/sys-libs/glibc/glibc-2.23-r3.ebuild b/sys-libs/glibc/glibc-2.23-r3.ebuild |
70 |
index 410b3485c1..1109618f52 100644 |
71 |
--- a/sys-libs/glibc/glibc-2.23-r3.ebuild |
72 |
+++ b/sys-libs/glibc/glibc-2.23-r3.ebuild |
73 |
@@ -137,11 +137,6 @@ src_prepare() { |
74 |
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ |
75 |
debug/Makefile || die |
76 |
fi |
77 |
- |
78 |
- # Build various bits with ssp-all |
79 |
- sed -i \ |
80 |
- -e 's:-fstack-protector$:-fstack-protector-all:' \ |
81 |
- */Makefile || die |
82 |
fi |
83 |
|
84 |
case $(gcc-fullversion) in |
85 |
-- |
86 |
2.13.0 |