On Wed, May 10, 2017, at 00:07 CDT, Jason Zaman wrote:
> I just want to make sure I'm understanding this right, only .a files that
> were compiled without -pie will cause issues if you compile the later
> thing that uses the .a with -pie?
> So:
> 1) people on hardened
On Wed, May 10, 2017 at 01:44:06AM +0200, Andreas K. Huettel wrote:
> On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote:
> >
> > Do you realize that this breaks linking against about any static lib
> > ever built before upgrading ? And I'm not even considering people
> > toggling the
Since autounmask changes are a strong indicator that backtracking
will ultimately fail to produce a solution, terminate early for
autounmask changes, and add a --autounmask-backtrack= option
to modify this behavior. The --autounmask-continue option implies
--autounmask-backtrack=y behavior,
Since the default behavior is now for emerge to terminate early for
autounmask changes (unless either --autounmask-backtrack=y or
--autounmask-continue is enabled), it is much less likely that time
will be wasted by fruitless backtracking. Therefore, raise the default
backtrack value from 3 to 10,
This is a reworded news item (assuming we proceed with the plan to
default-enable USE=pie). Suggestions for improving the emerge command to
fix static archives are highly welcome.
Matthias
Title: GCC 6 defaults to USE="pie ssp"
Author: Matthias Maier
Content-Type:
On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote:
>
> Do you realize that this breaks linking against about any static lib
> ever built before upgrading ? And I'm not even considering people
> toggling the flag.
Toggling the flag is definitely bad. So it should be either on or off.
On Wednesday, 10 May 2017, 00:47:30 CEST, Alexis Ballier wrote:
> On Tue, 9 May 2017 23:18:20 +0200 Hanno Böck wrote:
> > I really think it's about time that pie becomes the default in Gentoo.
>
> For a transition we can probably build everything with -fPIE but not
> link with
> For a transition we can probably build everything with -fPIE but not
> link with -pie. If we want that to happen fast, gcc-6 might do that and
> gcc-7 add the -pie option.
I am not entirely convinced that a transition period of one gcc version
is enough for a smooth transition [1].
It might be
On Tue, 9 May 2017 23:18:20 +0200
Hanno Böck wrote:
> Hi,
>
> On Tue, 09 May 2017 15:55:36 -0500
> Matthias Maier wrote:
>
> > Well, Alexis certainly makes a strong point. Breaking installed
> > static archives by changing a use flag shouldn't be as easy
Hi,
On Tue, 09 May 2017 15:55:36 -0500
Matthias Maier wrote:
> Well, Alexis certainly makes a strong point. Breaking installed static
> archives by changing a use flag shouldn't be as easy as changing a
> useflag. So we might simply use.force the pie use flag depending on
>
- Mask sys-devel/gcc pie useflag globally in /base
- Selectively unmask pie useflag for
hardened/linux
hardened/linux/musl
profiles
- Ensure pie useflag is forced for hardened profiles
---
profiles/arch/amd64/package.use.mask| 4
On Tue, May 9, 2017, at 15:10 CDT, Alexis Ballier wrote:
> There is a *huge* difference between:
> Disable PIE support (NOT FOR GENERAL USE)
> and the negation of:
> pie - Build programs as Position Independent Executables (a security
> hardening technique)
>
> Enabling
On Tue, May 9, 2017 at 4:10 PM, Alexis Ballier wrote:
> Also, I don't believe default-pie should even be a useflag. It's always
> been forced-on for hardened and forced-off for non-hardened I think.
> Switching between the two types of profiles has always been difficult
>
On Tue, 09 May 2017 12:26:48 -0500
Matthias Maier wrote:
> Title: GCC 6 defaults to USE="pie ssp"
> Author: Matthias Maier
> Content-Type: text/plain
> Posted: 2017-05-07
> Revision: 1
> News-Item-Format: 1.0
> Display-If-Installed: >=sys-devel/gcc-6.3.0
>
On 5/9/17 7:15 PM, Matthias Maier wrote:
> sys-devel/gcc-7.1.0 requires external dev-libs/boehm-gc, the internal
> copy got removed [1].
>
> [1] https://gcc.gnu.org/viewcvs/gcc?view=revision=242985
> ---
> eclass/toolchain.eclass | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git
Title: GCC 6 defaults to USE="pie ssp"
Author: Matthias Maier
Content-Type: text/plain
Posted: 2017-05-07
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-devel/gcc-6.3.0
Display-If-Keyword: amd64
In Gentoo, several GCC features can be default disabled or enabled
sys-devel/gcc-7.1.0 requires external dev-libs/boehm-gc, the internal
copy got removed [1].
[1] https://gcc.gnu.org/viewcvs/gcc?view=revision=242985
---
eclass/toolchain.eclass | 6 ++
1 file changed, 6 insertions(+)
diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
index
On Tue, May 9, 2017 at 9:18 AM, Brian Dolbec wrote:
> On Sun, 7 May 2017 16:50:40 -0700
> Zac Medico wrote:
>
> > The loff_t type is a GNU extension, so use the portable off_t
> > type instead. Also, enable Large File Support macros in setup.py,
> > for
On Sun, 7 May 2017 16:50:40 -0700
Zac Medico wrote:
> The loff_t type is a GNU extension, so use the portable off_t
> type instead. Also, enable Large File Support macros in setup.py,
> for 64-bit offsets.
>
> Reported-by: Patrick Steinhardt
> X-Gentoo-bug:
On 05/09/2017 09:36 AM, Anthony G. Basile wrote:
>
> Perhaps I'm missing the issue, but can you just follow the dependencies
> and drop keywords accordingly so the tree remains consistent.
>
If we can make it policy that I'm allowed to edit a bunch of other
peoples' packages and de-keyword
On 08/05/2017 15:49, Michał Górny wrote:
> On 8 May 2017 15:27:18 CEST, Dirkjan Ochtman
> wrote:
>> On Mon, May 8, 2017 at 12:49 PM, Mikle Kolyada
>> wrote:
>>> Against. Do not touch things you are not
On 5/9/17 8:33 AM, Michael Orlitzky wrote:
> On 05/09/2017 04:12 AM, Rich Freeman wrote:
>> On Tue, May 9, 2017 at 12:23 AM, Yury German wrote:
>>>
>>> we can not call for cleanup or release the GLSA,
>>> waiting for a stabilization of a non-core package, while the actual
On 05/09/2017 04:12 AM, Rich Freeman wrote:
> On Tue, May 9, 2017 at 12:23 AM, Yury German wrote:
>>
>> we can not call for cleanup or release the GLSA,
>> waiting for a stabilization of a non-core package, while the actual
>> package has been in a tree in ~arch status for
On 5/9/17 8:01 AM, Thomas Deutschmann wrote:
> On 2017-05-09 10:12, Rich Freeman wrote:
>> Why not? If an arch is considered a non-security-supported arch
>> then you would just ignore it in a security bug.
>
> We dropped security coverage already for ia64 and are in the process to
> drop it for
On 2017-05-09 10:12, Rich Freeman wrote:
> Why not? If an arch is considered a non-security-supported arch
> then you would just ignore it in a security bug.
We dropped security coverage already for ia64 and are in the process to
drop it for sparc as well.
So how do you want to cleanup a
On Tue, May 9, 2017 at 12:23 AM, Yury German wrote:
>
> we can not call for cleanup or release the GLSA,
> waiting for a stabilization of a non-core package, while the actual
> package has been in a tree in ~arch status for weeks or months.
Why not? If an arch is