sys-libs/glibc: make stack protection optional, bug #679788

The change adds new USE=ssp to optionally disable protection of
glibc's internals. Before the change protection was
unconditionally enabled.

It's useful to disable ssp to validate if stack protection
causes any damage (glibc bugs like https://sourceware.org/PR24202
or gcc bugs like https://gcc.gnu.org/PR81996).

And also useful to get more predictable binaries like in
https://bugs.gentoo.org/679788.

Reported-by: Agostino Sarubbo
Bug: https://bugs.gentoo.org/679788
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/sys-libs/glibc/glibc-2.28-r5.ebuild b/sys-libs/glibc/glibc-2.28-r5.ebuild
index 9087d26caafa..3ae8a3553cb8 100644
--- a/sys-libs/glibc/glibc-2.28-r5.ebuild
+++ b/sys-libs/glibc/glibc-2.28-r5.ebuild
@@ -32,7 +32,7 @@ PATCH_VER=8
 SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.xz"
 SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-multilib-bootstrap-${GCC_BOOTSTRAP_VER}.tar.xz )"
 
-IUSE="audit caps cet compile-locales doc gd headers-only +multiarch multilib nscd profile selinux suid systemtap test vanilla"
+IUSE="audit caps cet compile-locales doc gd headers-only +multiarch multilib nscd profile selinux +ssp suid systemtap test vanilla"
 
 # Minimum kernel version that glibc requires
 MIN_KERN_VER="3.2.0"
@@ -813,7 +813,7 @@ glibc_do_configure() {
 			myconf+=( --enable-stack-protector=no )
 			;;
 		*)
-			myconf+=( --enable-stack-protector=all )
+			myconf+=( --enable-stack-protector=$(usex ssp all no) )
 			;;
 	esac
 	myconf+=( --enable-stackguard-randomization )