author | Sergei Trofimovich <slyfox@gentoo.org> | 2019-03-09 10:46:05 +0000 |
---|---|---|
committer | Sergei Trofimovich <slyfox@gentoo.org> | 2019-03-09 10:46:40 +0000 |
commit | 5aca3ae8606fb422955eedb5e45d50166e91c339 (patch) | |
tree | d13008a9e0058fae32e59b4609f74236668bc243 /sys-libs/glibc/glibc-2.28-r5.ebuild | |
parent | sys-libs/glibc: sort flags in metadata.xml (diff) | |
sys-libs/glibc: make stack protection optional, bug #679788

The change adds new USE=ssp to optionally disable protection of
glibc's internals. Before the change protection was
unconditionally enabled.

It's useful to disable ssp to validate if stack protection
causes any damage (glibc bugs like https://sourceware.org/PR24202
or gcc bugs like https://gcc.gnu.org/PR81996).

And also useful to get more predictable binaries like in
https://bugs.gentoo.org/679788.

Reported-by: Agostino Sarubbo
Bug: https://bugs.gentoo.org/679788
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

Diffstat (limited to 'sys-libs/glibc/glibc-2.28-r5.ebuild')
-rw-r--r-- | sys-libs/glibc/glibc-2.28-r5.ebuild | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys-libs/glibc/glibc-2.28-r5.ebuild b/sys-libs/glibc/glibc-2.28-r5.ebuild index 9087d26caafa..3ae8a3553cb8 100644 --- a/sys-libs/glibc/glibc-2.28-r5.ebuild +++ b/sys-libs/glibc/glibc-2.28-r5.ebuild @@ -32,7 +32,7 @@ PATCH_VER=8 SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.xz" SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-multilib-bootstrap-${GCC_BOOTSTRAP_VER}.tar.xz )" -IUSE="audit caps cet compile-locales doc gd headers-only +multiarch multilib nscd profile selinux suid systemtap test vanilla" +IUSE="audit caps cet compile-locales doc gd headers-only +multiarch multilib nscd profile selinux +ssp suid systemtap test vanilla" # Minimum kernel version that glibc requires MIN_KERN_VER="3.2.0" @@ -813,7 +813,7 @@ glibc_do_configure() { myconf+=( --enable-stack-protector=no ) ;; *) - myconf+=( --enable-stack-protector=all ) + myconf+=( --enable-stack-protector=$(usex ssp all no) ) ;; esac myconf+=( --enable-stackguard-randomization ) |
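Review bot: the new `+ssp` entry in IUSE (first hunk) needs a user-facing description that spells out the trade-off: with USE=-ssp glibc's own code is configured with `--enable-stack-protector=no`. The diffstat shown here is limited to this ebuild, so confirm that metadata.xml documents the flag in those terms. Keeping the `+` default is the right call, since it preserves the previously unconditional `all` setting for anyone who does not touch the flag.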
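Review bot: in `glibc_do_configure()` (second hunk) the `$(usex ssp all no)` switch is applied only in the `*)` branch, while the branch just above it still passes `--enable-stack-protector=no` unconditionally, so on those targets USE=ssp is accepted but has no effect. A short comment stating that would avoid confusion when someone audits the resulting binaries. Separately, `--enable-stackguard-randomization` is still appended after `esac` even when the protector resolves to `no`; note in a comment whether that is intended. Because `no` removes a hardening measure from libc itself, consider an `ewarn` when the flag is disabled so the downgrade is visible in the build log.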