From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1152445-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 74F87138350
	for <garchives@archives.gentoo.org>; Sun, 15 Mar 2020 15:46:50 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 5F1B0E0E0E;
	Sun, 15 Mar 2020 15:46:49 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 462CEE0E0E
	for <gentoo-commits@lists.gentoo.org>; Sun, 15 Mar 2020 15:46:49 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id EA52234ECA2
	for <gentoo-commits@lists.gentoo.org>; Sun, 15 Mar 2020 15:46:47 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id A3F94103
	for <gentoo-commits@lists.gentoo.org>; Sun, 15 Mar 2020 15:46:45 +0000 (UTC)
From: "Sergei Trofimovich" <slyfox@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sergei Trofimovich" <slyfox@gentoo.org>
Message-ID: <1584287185.551958422d949b8e43393b6c9c00a2ce7c4cc4c6.slyfox@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-libs/glibc/glibc-2.31-r1.ebuild sys-libs/glibc/glibc-9999.ebuild
X-VCS-Directories: sys-libs/glibc/
X-VCS-Committer: slyfox
X-VCS-Committer-Name: Sergei Trofimovich
X-VCS-Revision: 551958422d949b8e43393b6c9c00a2ce7c4cc4c6
X-VCS-Branch: master
Date: Sun, 15 Mar 2020 15:46:45 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 9d704f44-ee2f-4702-81f9-6981f6f969cf
X-Archives-Hash: 6504fdac9679f339c0e5d9e0990ccf2b

commit:     551958422d949b8e43393b6c9c00a2ce7c4cc4c6
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 15 15:17:09 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Mar 15 15:46:25 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55195842

sys-libs/glibc: switch -fstack-protector-all to -strong, bug #712356

--enable-stack-protector=all adds protection to functions that don't
have a chance to corrupt stack. On top of that glibc's own tests fail
on static IFUNC resolver.

Let's use -fstack-protector-strong which matches Gentoo's gcc default.

Should fix at least the following test failures:
    FAIL: elf/ifuncmain9picstatic
    FAIL: elf/ifuncmain9static

Reported-by: Toralf Förster
Bug: https://bugs.gentoo.org/712356
Bug: https://sourceware.org/PR25680
Package-Manager: Portage-2.3.94, Repoman-2.3.20
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 sys-libs/glibc/glibc-2.31-r1.ebuild | 6 +++++-
 sys-libs/glibc/glibc-9999.ebuild    | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys-libs/glibc/glibc-2.31-r1.ebuild b/sys-libs/glibc/glibc-2.31-r1.ebuild
index d303115a4a6..00feda902bd 100644
--- a/sys-libs/glibc/glibc-2.31-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.31-r1.ebuild
@@ -870,7 +870,11 @@ glibc_do_configure() {
 			myconf+=( --enable-stack-protector=no )
 			;;
 		*)
-			myconf+=( --enable-stack-protector=$(usex ssp all no) )
+			# Use '=strong' instead of '=all' to protect only functions
+			# worth protecting from stack smashes.
+			# '=all' is also known to have a problem in IFUNC resolution
+			# tests: https://sourceware.org/PR25680, bug #712356.
+			myconf+=( --enable-stack-protector=$(usex ssp strong no) )
 			;;
 	esac
 	myconf+=( --enable-stackguard-randomization )

diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index 229af08f2ca..b77e0177feb 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -869,7 +869,11 @@ glibc_do_configure() {
 			myconf+=( --enable-stack-protector=no )
 			;;
 		*)
-			myconf+=( --enable-stack-protector=$(usex ssp all no) )
+			# Use '=strong' instead of '=all' to protect only functions
+			# worth protecting from stack smashes.
+			# '=all' is also known to have a problem in IFUNC resolution
+			# tests: https://sourceware.org/PR25680, bug #712356.
+			myconf+=( --enable-stack-protector=$(usex ssp strong no) )
 			;;
 	esac
 	myconf+=( --enable-stackguard-randomization )