Re: [gentoo-dev] stability of 17.0 hardened profile

2018-02-14 Thread Magnus Granberg
On Wednesday 14 February 2018 at 19:44:13 CET Paweł Hajdan, Jr. wrote: > I was looking into the new 17.0 profiles (nice work!), and noticed the > hardened one is marked as dev. I'm somewhat concerned about switching to > that on my laptop (I'm currently using hardened/linux/amd64). > > Is there

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

2017-10-09 Thread Magnus Granberg
On Monday 9 October 2017 at 22:58:22 CEST Andreas K. Huettel wrote: > = > Title: New 17.0 profiles in the Gentoo repository > Author: Andreas K. Hüttel > Posted: xxx > Revision: 1 > News-Item-Format: 2.0 > Display-If-Installed:

Re: [gentoo-dev] 17.0 profiles

2017-10-06 Thread Magnus Granberg
On Friday 6 October 2017 at 14:23:49 CEST Andreas K. Huettel wrote: > Hi all, > > Since gcc-6 stabilization is drawing closer, I'm going to prepare the > remaining 17.0 profiles (right now they only exist for amd64). > > Meaning... copy profiles/default/linux/*/13.0 to profiles/default/linux/*/ >

Re: [gentoo-dev] Pre-GLEP for review: mix-in profiles

2017-01-27 Thread Magnus Granberg
On Monday 23 January 2017 at 13:56:02 CET Rich Freeman wrote: > On Mon, Jan 23, 2017 at 4:23 AM, Michał Górny wrote: > > I've written a short proposal that aims to provide basic infrastructure > > for defining mix-in profiles in Gentoo. I've tried to keep it simple, > > and

[gentoo-dev] Gcc 6 and Gcc 5 update

2016-12-11 Thread Magnus Granberg
Hi Gcc 6.X update: Gcc 6.3 will soon get released in one or two weeks on that the pie use flag will get unmasked and gcj will be masked for java is removed in gcc 7 Packages that fail with the pie flag need to get fixed upstream for we are not the only dist that uses it nowadays. Gcc 5.X update

Re: [gentoo-dev] Tinderboxing efforts in Gentoo

2016-12-03 Thread Magnus Granberg
On Friday 2 December 2016 at 23:32:37 CET Daniel Campbell wrote: > On 12/02/2016 06:09 AM, Michael Mol wrote: > > On Friday, December 02, 2016 02:10:27 PM Michał Górny wrote: > >> Hi, everyone. > >> > >> I've heard multiple times about various tinderbox projects being > >> started by individuals

[gentoo-dev] Uptade for toolchain.eclass and Gcc 6.2

2016-09-03 Thread Magnus Granberg
Hi The patch adds a use flag for pch, so it can be disabled. We add support to use the configure options for pie and ssp instead of the -D* hack for it. The hardened use flag will add or remove some compile options as, -fstrict_overflow will be turned off for -O2 and higher, -fstack-check is added as

[gentoo-dev] Cluster tinderbox poc

2015-03-28 Thread Magnus Granberg
Hi As some of you may know, I have been working on code for a tinderbox with frontend support. I think it's time to move it to an official project. The Proof-Of-Concept (poc) is almost ready, but it still has a lot of the frontend left to do. You can see the logs and submit bug reports and choose

Re: [gentoo-dev] Re: [RFC] News item: GCC 4.8.3 defaults to -fstack-protector

2014-06-12 Thread Magnus Granberg
On Thursday 12 June 2014 03.45.23 Greg Turner wrote: On Wed, Jun 11, 2014 at 6:23 AM, Jeroen Roovers j...@gentoo.org wrote: Will bug #332823 and its ilk somehow be mitigated? Emerging glibc with -fstack-protector still leads to similar problems. There doesn't currently seem to be a bug report

Re: [gentoo-dev] Re: [RFC] News item: GCC 4.8.3 defaults to -fstack-protector

2014-06-10 Thread Magnus Granberg
On Tuesday 10 June 2014 14.22.11 Jeroen Roovers wrote: On Mon, 9 Jun 2014 21:46:56 -0600 Ryan Hill rh...@gentoo.org wrote: Yes. But now you've got me worried. We have to build gcc itself with -fno-stack-protector. Does compiling something with that flag give an error on hppa? Maybe give

Re: [gentoo-dev] Re: [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes.

2014-01-10 Thread Magnus Granberg
On Thursday 09 January 2014 23.18.28 Ryan Hill wrote: On Thu, 09 Jan 2014 21:58:46 +0100 Magnus Granberg zo...@gentoo.org wrote: Some time ago we discussed that we should enable stack smashing (-fstack-protector) by default. So we opened a bug to track this [1]. The affected Gcc version

Re: [gentoo-dev] Re: [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes.

2014-01-10 Thread Magnus Granberg
On Thursday 09 January 2014 17.56.56 Ryan Hill wrote: On Thu, 09 Jan 2014 21:58:46 +0100 Magnus Granberg zo...@gentoo.org wrote: - use hardened make_gcc_hard + if ( tc_version_is_at_least 4.8 || use hardened ) ! use vanilla ; then s/4.8/4.8.2 Or should we wait until the next

[gentoo-dev] [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes.

2014-01-09 Thread Magnus Granberg
will make_gcc_hard() the default for all Gcc versions 4.8 and newer, and turn it on or off with hardened_gcc_works() that will make some sanity checks. /Magnus 2013-12-31 Magnus Granberg zo...@gentoo.org # 484714 We Add -fstack-protector as default --- a/eclass/toolchain.eclass 2013-12-30 21:21

Re: [gentoo-dev] [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes.

2014-01-09 Thread Magnus Granberg
On Thursday 09 January 2014 22.57.09 Pacho Ramos wrote: On Thu, 09-01-2014 at 21:58 +0100, Magnus Granberg wrote: Hi Some time ago we discussed that we should enable stack smashing (-fstack-protector) by default. So we opened a bug to track this [1]. The affected Gcc version

Re: [gentoo-dev] Re: Improve the security of the default profile

2013-09-11 Thread Magnus Granberg
On Wednesday 11 September 2013 00.07.29 Ryan Hill wrote: On Tue, 10 Sep 2013 18:41:34 -0400 Richard Yao r...@gentoo.org wrote: A few thoughts: 1. The kernel expects -fno-stack-protector to be the default. What will the effect be on kernel configuration once -fstack-protector is the

Re: [gentoo-dev] Re: Improve the security of the default profile

2013-09-11 Thread Magnus Granberg
On Wednesday 11 September 2013 04.49.55 Duncan wrote: (Tho jer points out that the parisc arch, among others, won't work with that flag at all, and warns to that effect. So I guess the patch will either be ifdeffed not to apply on such archs or will be conditionally applied in the first

Re: [gentoo-dev] Re: Improve the security of the default profile

2013-09-11 Thread Magnus Granberg
On Monday 09 September 2013 21.00.12 Ryan Hill wrote: On Mon, 9 Sep 2013 08:21:35 -0400 Rich Freeman ri...@gentoo.org wrote: On Sun, Sep 8, 2013 at 8:06 PM, Ryan Hill dirtye...@gentoo.org wrote: So does anyone have any objections to making -fstack-protector the default? Now is the

Re: [gentoo-dev] Re: Can we have process names and stdout / stderr indication to more efficiently parse build logs?

2013-09-03 Thread Magnus Granberg
On Tuesday 03 September 2013 22.41.14 Alan McKinnon wrote: I *do* like colorized text on my terminal, but I do believe we ought to keep defaults sane - the minimum that could possibly work. Everything extra should be optional What about NOCOLOR=false in make.conf see man make.conf for more

Re: [gentoo-dev] Re: Moving more hardening features to default?

2011-10-21 Thread Magnus Granberg
On Friday 21 October 2011 15.25.54 Duncan wrote: Mike Frysinger posted on Fri, 21 Oct 2011 08:13:22 -0400 as excerpted: On Thursday 20 October 2011 23:20:35 Duncan wrote: Magnus G suggests possibly adding PIE to amd64, which is already PIC, this isn't quite right. amd64 shared objects

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-20 Thread Magnus Granberg
On Thursday 20 October 2011 13.17.33 Mike Frysinger wrote: On Thursday 20 October 2011 12:47:27 Rich Freeman wrote: I was trying to draw a contrast between passive things like stack-protection and things that really get in your face like MAC. the trouble was in the context quoting then ... it

Re: [gentoo-dev] Re: News item for hardened profile about gcc.

2010-10-24 Thread Magnus Granberg
On Sunday 24 October 2010 10.04.34 Kfir Lavi wrote: On Sun, Oct 24, 2010 at 3:34 AM, Duncan 1i5t5.dun...@cox.net wrote: Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted: Display-If-Install: sys-devel/gcc-4.4 Typo: Display-If-Installed

Re: [gentoo-dev] Re: News item for hardened profile about gcc.

2010-10-24 Thread Magnus Granberg
On Sunday 24 October 2010 12.04.13 Ulrich Mueller wrote: On Sun, 24 Oct 2010, Magnus Granberg wrote: Display-If-Installed: sys-devel/gcc-4.4 and hardened If I understand portage's logic correctly, then this header will not work. But you can use Display-If-Installed for the dependency atom

Re: [gentoo-dev] News item for hardened profile about gcc.

2010-10-24 Thread Magnus Granberg
On Sunday 24 October 2010 19.00.44 7v5w7go9ub0o wrote: On 10/23/10 20:28, Magnus Granberg wrote: Hi Was thinking to post a news item for the hardened profile about the new GCC 4.4.4-r2 that has been stabled on x86 and amd64. Thank you for this milestone! We have enabled SSP

[gentoo-dev] News item for hardened profile about gcc.

2010-10-23 Thread Magnus Granberg
Hi Was thinking to post a news item for the hardened profile about the new GCC 4.4.4-r2 that has been stabled on x86 and amd64. Hardened at gentoo.org /Magnus (Zorry) Title: Info on GCC 4.4.4-r2 and GCC 3.X on Hardened profiles Author: Magnus Granberg zo...@gentoo.org Content-Type: text

Re: [gentoo-dev] Re: News item for hardened profile about gcc.

2010-10-23 Thread Magnus Granberg
On Sunday 24 October 2010 02.44.00 Diego Elio Pettenò wrote: On Sun, 24/10/2010 at 02.28 +0200, Magnus Granberg wrote: You may have noticed that GCC 4.4.4-r2 has gone stable on x86 and amd64. The other archs will follow later. We have enabled SSP support by default

Re: [gentoo-dev] suspicious code snipped in gcc-4.5* ebuilds

2010-10-05 Thread Magnus Granberg
On Tuesday 05 October 2010 18.52.29 Petteri Räty wrote: On 10/05/2010 02:32 PM, Paweł Hajdan, Jr. wrote: I was just looking at some random ebuilds recently, and noticed this snippet in gcc-4.5* ebuilds: SSP_STABLE=amd64 x86 ppc ppc64 arm # uclibc need tls and nptl support for SSP

Re: [gentoo-dev] Is Gentoo a Phoenix?

2010-04-03 Thread Magnus Granberg
. Sorry if I'm being rude. Hardened at gentoo.org Magnus Granberg (Zorry) zo...@gentoo.org

Re: [gentoo-dev] Re: gcc 4.3.2 security updates

2009-01-11 Thread Magnus Granberg
On Sunday 11 January 2009 09.39.08 Mike Frysinger wrote: On Saturday 10 January 2009 23:52:15 Magnus Granberg wrote: On Sunday 11 January 2009 04.26.00 Mike Frysinger wrote: On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote

[gentoo-dev] Re: gcc 4.3.2 security updates

2009-01-10 Thread Magnus Granberg
On Sunday 11 January 2009 01.06.45 Ciaran McCreesh wrote: On Sat, 10 Jan 2009 18:03:17 -0600 Ryan Hill dirtye...@gentoo.org wrote: I'm really hoping this isn't a stable candidate. :P Is an earlier gcc 4.3 a stable candidate, or have those plans been abandoned? (I'm wondering whether it's

Re: [gentoo-dev] Re: gcc 4.3.2 security updates

2009-01-10 Thread Magnus Granberg
On Sunday 11 January 2009 04.26.00 Mike Frysinger wrote: On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the