diff options
| author |   Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> | 2017-06-14 16:31:44 +0200 |
|---|---|---|
| committer |   Matthias Maier <tamiko@gentoo.org> | 2017-06-16 03:23:34 -0500 |
| commit | 9fe8087634d878eeed259019bf6f3eb19ef209b8 (patch) | |
| tree | 807fcd75f4ad20fae8bfac5ac61ea0760cf1c04e /eclass | |
| parent | toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compa... (diff) | |
| download | gentoo-9fe8087634d878eeed259019bf6f3eb19ef209b8.tar.gz gentoo-9fe8087634d878eeed259019bf6f3eb19ef209b8.tar.bz2 gentoo-9fe8087634d878eeed259019bf6f3eb19ef209b8.zip | |
toolchain-glibc.eclass: Build most of >=sys-libs/glibc-2.25 with -fstack-protector-all (bug #609048).
configure accepts --enable-stack-protector=... option which results
in build system passing appropriate -fstack-protector... option
when possible.
Signed-off-by: Matthias Maier <tamiko@gentoo.org>
Diffstat (limited to 'eclass')
| -rw-r--r-- | eclass/toolchain-glibc.eclass | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/eclass/toolchain-glibc.eclass b/eclass/toolchain-glibc.eclass index ef9d91acaed4..eba829cd2f62 100644 --- a/eclass/toolchain-glibc.eclass +++ b/eclass/toolchain-glibc.eclass @@ -254,7 +254,7 @@ setup_flags() { # this flag for us, so no need to do it manually. version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE - # building glibc with SSP is fraught with difficulty, especially + # building glibc <2.25 with SSP is fraught with difficulty, especially # due to __stack_chk_fail_local which would mean significant changes # to the glibc build process. See bug #94325 #293721 # Note we have to handle both user-given CFLAGS and gcc defaults via @@ -262,7 +262,9 @@ setup_flags() { # added before user flags, and we can't just filter-flags because # _filter_hardened doesn't support globs. filter-flags -fstack-protector* - gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) + if ! version_is_at_least 2.25 ; then + tc-enables-ssp && append-flags $(test-flags -fno-stack-protector) + fi if use hardened && gcc-specs-pie ; then # Force PIC macro definition for all compilations since they're all @@ -783,6 +785,10 @@ glibc_do_configure() { myconf+=( --enable-old-ssp-compat ) fi + if version_is_at_least 2.25 ; then + myconf+=( --enable-stack-protector=all ) + fi + [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) if [[ $1 == "linuxthreads" ]] ; then @@ -941,7 +947,7 @@ toolchain-glibc_headers_configure() { libc_cv_mlong_double_128ibm=yes libc_cv_ppc_machine=yes libc_cv_ppc_rel16=yes - libc_cv_predef_{fortify_source,stack_protector}=no + libc_cv_predef_fortify_source=no libc_cv_visibility_attribute=yes libc_cv_z_combreloc=yes libc_cv_z_execstack=yes @@ -955,6 +961,11 @@ toolchain-glibc_headers_configure() { ac_cv_lib_audit_audit_log_user_avc_message=no ac_cv_lib_cap_cap_init=no ) + if ! version_is_at_least 2.25 ; then + vars+=( + libc_cv_predef_stack_protector=no + ) + fi einfo "Forcing cached settings:" for v in "${vars[@]}" ; do einfo " ${v}" |