From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5C408139083 for ; Tue, 9 May 2017 23:59:08 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 17507E0DE8; Tue, 9 May 2017 23:58:54 +0000 (UTC) Received: from tsukuyomi.43-1.org (tsukuyomi.43-1.org [188.40.248.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BAC49E0DDB for ; Tue, 9 May 2017 23:58:53 +0000 (UTC) From: Matthias Maier To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2 In-Reply-To: <874lwu9c13.fsf@kestrel.kyomu.43-1.org> (Matthias Maier's message of "Tue, 09 May 2017 12:26:48 -0500") References: <874lwu9c13.fsf@kestrel.kyomu.43-1.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) Date: Tue, 09 May 2017 18:58:42 -0500 Message-ID: <87inl9y43x.fsf@kestrel.kyomu.43-1.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Archives-Salt: 73f56e5f-8323-463a-a12a-0e93b08297a2 X-Archives-Hash: 8ef5b4de8fca38dfd326c45203a09a9d --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable This is a reworded news item (assuming we proceed with the plan to default-enable USE=3Dpie). Suggestions for improving the emerge command to fix static archives is highly welcomed. Matthias Title: GCC 6 defaults to USE=3D"pie ssp" Author: Matthias Maier Content-Type: text/plain Posted: 2017-05-09 Revision: 1 News-Item-Format: 1.0 Display-If-Installed: >=3Dsys-devel/gcc-6.3.0 In Gentoo, several GCC features can be default disabled or enabled=20 via use-flags of sys-devel/gcc. Starting with gcc-4.8.3 we have already enabled default SSP [1]. Since the PIE patchset for default position=20 independent executable support was integrated upstream [2,3], starting=20 with gcc-6.3 we are also enabling PIE by default (via a default-enabled=20 use-flag pie) in regular (non-hardened) profiles. [Additionally, following Gentoo policies, the default-off use-flags nopie (only present in Hardened) and nossp are replaced starting with gcc-6 by default-on use-flags pie and ssp.] Be advised that switching from an older version to GCC 6 will enable the PIE feature by default. This should not cause many problems for packages involving shared libraries. However, static archives need to be rebuilt (otherwise final linkage will fail [4]. You can rebuild affected packages containing static archives via # emerge --exclude 'dev-haskell/*' -1 $(find /lib* /usr/lib* -type f -nam= e "*.a") [1] https://www.gentoo.org/support/news-items/2014-06-15-gcc48_ssp.html [2] https://gcc.gnu.org/gcc-6/changes.html [3] A big thanks to all developers and members of the Gentoo community that made upstreaming the pie patchset and other hardening options possible! [4] A typical link error reads relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIzBAEBCgAdFiEE6t/5JjgpnbiQKMUluE7NiUruef8FAlkSV7IACgkQuE7NiUru ef9l+BAAskLuXVQHK8j91oVqfPCw+9YspEwRCOOB/9S4tENMTx0NIwbur5d4t3eP qGFZDBqUaFMOkyi5VmTCz9AuzINNZnOzwsTXR6Ax5OVY5Jo19kQX7BR3enbXzGmC B6q6v3BBjx34z3VamouySwlgk46k9DwSfPgaRkxaE3K7jkIumJKmN4P0sVIcefqz QuxdZTeTtNnlINP0yZIPTaz8RgmxT6ryMUwqh8VjJBDCQXYWuh6W83UCAHt47z55 vccVuVMjz4FlJTR4M4soEwEUqqr95yQWh1yl9RzP6w18zLH8Rwdo384LSIEKqAUl drv8JKaib8gT4XrxgV0vf+0nNz/2YeUboeGhAgJIpzBC0Xfj0PLePhbUWOK0UBAH h8Xej0kPfG5i4QLwuJgmWjEACKChACLgSyfViTqiPMCPuFWbNLwdKvHBPK18dAjj pq8kwUHCNhL6aDh0A2e6PVBKyd4pCAdgUDzYtavs9dHDSRQpRSpo/l6r2uCFsW5r GdyCS1BKUCZcuSw3LqcrY2VtcnkQtkOUyvK4O8GbklJ71d0zjq+rLmJIE/72QybN 2H8PmByfsusQWKiMRrDQegCTPDYk9eagEyzGKp+EMA4Akd/JA/Gito9B3e5z5n4Q VD85WHZVhqDQF7fg3Uy4qHh1SkfTpFzyo8APsLHf8iUReXsishA= =wM/8 -----END PGP SIGNATURE----- --=-=-=--