authorSam James <sam@gentoo.org>2022-05-19 05:12:25 +0000
committerSam James <sam@gentoo.org>2022-05-19 05:17:46 +0000
commitba26a8dafe2ab11ca59c6cacbaf545b687e62f5c (patch)
tree2ed9d1871d9e23502b4c8d97d6463c0ca6c3b549 /dev-libs/openssl
parentmedia-libs/libsndfile: keyword 1.1.0-r1 for ~loong (diff)
dev-libs/openssl: explain why -fno-strict-aliasing
OpenSSL has a scary number of strict aliasing violations within its codebase and it is *extremely* unsafe to build OpenSSL without this option. Hence we continue to build with -fno-strict-aliasing, like we have done for the last 10 years, but explain why in the ebuild. Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'dev-libs/openssl')
-rw-r--r--dev-libs/openssl/openssl-1.1.1o.ebuild12
-rw-r--r--dev-libs/openssl/openssl-3.0.3.ebuild9
2 files changed, 20 insertions, 1 deletions
diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild
index ff2f6ac9a728..48e5e8265b39 100644
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1o.ebuild
@@ -106,10 +106,20 @@ src_prepare() {
# and 'make depend' uses -Werror for added fun (#417795 again)
[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
+
append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
# Prefixify Configure shebang (#141906)
sed \
-e "1s,/usr/bin/env,${EPREFIX}&," \
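Review bot: The `append-flags $(test-flags-CC -Wa,--noexecstack)` line is moved below `append-cppflags -DOPENSSL_NO_BUF_FREELISTS` in this hunk without any mention in the commit message, and unlike the aliasing flags it still carries no comment. `test-flags-CC` echoes only the flags the compiler accepts, so on a toolchain that rejects the option the non-executable-stack request is, as far as I can tell, dropped without any message in the build log. I would add a comment above it such as `# Hardening: ask the assembler for non-executable stack markings; silently skipped if ${CC} rejects the flag`, and state in the commit message that the move is cosmetic. The same uncommented line closes the openssl-3.0.3.ebuild hunk, where it is not reordered. src_prepare() starts and ends outside both hunks.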
diff --git a/dev-libs/openssl/openssl-3.0.3.ebuild b/dev-libs/openssl/openssl-3.0.3.ebuild
index 514ea991ddcc..2af0d8bf7020 100644
--- a/dev-libs/openssl/openssl-3.0.3.ebuild
+++ b/dev-libs/openssl/openssl-3.0.3.ebuild
@@ -124,7 +124,16 @@ src_prepare() {
# and 'make depend' uses -Werror for added fun (bug #417795 again)
tc-is-clang && append-flags -Qunused-arguments
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
append-flags -fno-strict-aliasing
+
append-flags $(test-flags-CC -Wa,--noexecstack)
# Prefixify Configure shebang (bug #141906)