This is a reworded news item (assuming we proceed with the plan to
default-enable USE=pie). Suggestions for improving the emerge command to
fix static archives are highly welcome.

Matthias



Title: GCC 6 defaults to USE="pie ssp"
Author: Matthias Maier <tam...@gentoo.org>
Content-Type: text/plain
Posted: 2017-05-09
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-devel/gcc-6.3.0

In Gentoo, several GCC features can be default disabled or enabled 
via use-flags of sys-devel/gcc. Starting with gcc-4.8.3 we have already
enabled default SSP [1]. Since the PIE patchset for default position 
independent executable support was integrated upstream [2,3], starting 
with gcc-6.3 we are also enabling PIE by default (via a default-enabled 
use-flag pie) in regular (non-hardened) profiles.

[Additionally, following Gentoo policies, the default-off use-flags
nopie (only present in Hardened) and nossp are replaced starting with
gcc-6 by default-on use-flags pie and ssp.]

Be advised that switching from an older version to GCC 6 will enable the
PIE feature by default. This should not cause many problems for packages
involving shared libraries. However, static archives need to be rebuilt
(otherwise final linkage will fail [4]). You can rebuild affected packages
containing static archives via

  # emerge --exclude 'dev-haskell/*' -1 $(find /lib* /usr/lib* -type f -name "*.a")

[1] https://www.gentoo.org/support/news-items/2014-06-15-gcc48_ssp.html
[2] https://gcc.gnu.org/gcc-6/changes.html
[3] A big thanks to all developers and members of the Gentoo community that
    made upstreaming the pie patchset and other hardening options possible!
[4] A typical link error reads
  relocation R_X86_64_32 against `.rodata.str1.1' can not be used when
  making a shared object; recompile with -fPIC

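Added example, not part of the original message or of Gentoo's tooling: one way to see which static archives still hold non-PIC objects of the kind that produce the link error quoted in [4], instead of rebuilding every package that ships a "*.a" file. It assumes x86-64 and binutils' readelf, checks only R_X86_64_32 and R_X86_64_32S, and the function names and the libdemo.a sample are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the news item. Assumes x86-64 and binutils' readelf.

# Read `readelf -rW` output on stdin; print "<count> <archive(member)>" for
# every member with absolute 32-bit relocations outside DWARF sections.
nonpic_members() {
    awk '
        BEGIN { member = "(input)" }
        /^File: /              { member = $2 }
        /^Relocation section / { split($0, q, "\047"); section = q[2] }
        # .debug_* sections carry R_X86_64_32 even in -fPIC objects; they are
        # not loaded at run time, so they do not break a PIE link.
        section ~ /^\.rela?\.debug/ { next }
        $3 == "R_X86_64_32" || $3 == "R_X86_64_32S" { hits[member]++ }
        END { for (m in hits) print hits[m], m }
    ' | sort -k2
}

# Scan every static archive below the given directories.
scan_archives() {
    find "$@" -type f -name '*.a' | while IFS= read -r archive; do
        readelf -rW "$archive" 2>/dev/null | nonpic_members
    done
}

# Constructed sample of `readelf -rW libdemo.a` output (hypothetical archive).
sample_readelf_output() {
    cat <<'EOF'
File: libdemo.a(old.o)

Relocation section '.rela.text' at offset 0x1f0 contains 3 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000000005  000500000000000a R_X86_64_32            0000000000000000 .rodata.str1.1 + 0
000000000000000a  000a000000000004 R_X86_64_PLT32         0000000000000000 puts - 4
0000000000000011  000500000000000b R_X86_64_32S           0000000000000000 .rodata.str1.1 + 8

File: libdemo.a(pic.o)

Relocation section '.rela.text' at offset 0x1f0 contains 1 entry:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000000007  0005000000000002 R_X86_64_PC32          0000000000000000 .rodata.str1.1 - 4

Relocation section '.rela.debug_info' at offset 0x400 contains 1 entry:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000000006  000700000000000a R_X86_64_32            0000000000000000 .debug_abbrev + 0
EOF
}

# With directory arguments scan them; without, show the constructed sample.
if [ "$#" -gt 0 ]; then scan_archives "$@"; else sample_readelf_output | nonpic_members; fi
```

Run it with the directories from the news item's find call as arguments; the path in front of the parenthesis in each output line is the archive file that the emerge -1 command above takes as input.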