Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
On Wed, May 10, 2017, at 00:07 CDT, Jason Zaman wrote: > I just want to make sure I'm understanding this right, only .a files that > were compiled without -pie will cause issues if you compile the later > thing that uses the .a with -pie? > So: > 1) people on hardened

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Jason Zaman
On Wed, May 10, 2017 at 01:44:06AM +0200, Andreas K. Huettel wrote: > On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote: > > > > Do you realize that this breaks linking against about any static lib > > ever built before upgrading ? And I'm not even considering people > > toggling the

[gentoo-portage-dev] [PATCH 1/2] emerge: terminate backtracking early for autounmask changes (bug 615680)

2017-05-09 Thread Zac Medico
Since autounmask changes are a strong indicator that backtracking will ultimately fail to produce a solution, terminate early for autounmask changes, and add a --autounmask-backtrack= option to modify this behavior. The --autounmask-continue option implies --autounmask-backtrack=y behavior,

[gentoo-portage-dev] [PATCH 2/2] emerge: default --backtrack=10 (bug 540562)

2017-05-09 Thread Zac Medico
Since the default behavior is now for emerge to terminate early for autounmask changes (unless either --autounmask-backtrack=y or --autounmask-continue is enabled), it is much less likely that time will be wasted by fruitless backtracking. Therefore, raise the default backtrack value from 3 to 10,

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2

2017-05-09 Thread Matthias Maier
This is a reworded news item (assuming we proceed with the plan to default-enable USE=pie). Suggestions for improving the emerge command to fix static archives are highly welcome. Matthias Title: GCC 6 defaults to USE="pie ssp" Author: Matthias Maier Content-Type:

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Andreas K. Huettel
On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote: > > Do you realize that this breaks linking against about any static lib > ever built before upgrading ? And I'm not even considering people > toggling the flag. Toggling the flag is definitely bad. So it should be either on or off.

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Andreas K. Huettel
On Wednesday, 10 May 2017, 00:47:30 CEST, Alexis Ballier wrote: > On Tue, 9 May 2017 23:18:20 +0200 Hanno Böck wrote: > > I really think it's about time that pie becomes the default in Gentoo. > > For a transition we can probably build everything with -fPIE but not > link with

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
> For a transition we can probably build everything with -fPIE but not > link with -pie. If we want that to happen fast, gcc-6 might do that and > gcc-7 add the -pie option. I am not entirely convinced that a transition period of one gcc version is enough for a smooth transition [1]. It might be

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Alexis Ballier
On Tue, 9 May 2017 23:18:20 +0200 Hanno Böck wrote: > Hi, > > On Tue, 09 May 2017 15:55:36 -0500 > Matthias Maier wrote: > > > Well, Alexis certainly makes a strong point. Breaking installed > > static archives by changing a use flag shouldn't be as easy

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Hanno Böck
Hi, On Tue, 09 May 2017 15:55:36 -0500 Matthias Maier wrote: > Well, Alexis certainly makes a strong point. Breaking installed static > archives by changing a use flag shouldn't be as easy as changing a > useflag. So we might simply use.force the pie use flag depending on >

[gentoo-dev] [PATCH] profiles: Mask pie useflag for >=sys-devel/gcc-6

2017-05-09 Thread Matthias Maier
- Mask sys-devel/gcc pie useflag globally in /base - Selectively unmask pie useflag for hardened/linux hardened/linux/musl profiles - Ensure pie useflag is forced for hardened profiles --- profiles/arch/amd64/package.use.mask| 4

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
On Tue, May 9, 2017, at 15:10 CDT, Alexis Ballier wrote: > There is a *huge* difference between: > Disable PIE support (NOT FOR GENERAL USE) > and the negation of: > pie - Build programs as Position Independent Executables (a security > hardening technique) > > Enabling

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Mike Gilbert
On Tue, May 9, 2017 at 4:10 PM, Alexis Ballier wrote: > Also, I don't believe default-pie should even be a useflag. It's always > been forced-on for hardened and forced-off for non-hardened I think. > Switching between the two types of profiles has always been difficult >

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Alexis Ballier
On Tue, 09 May 2017 12:26:48 -0500 Matthias Maier wrote: > Title: GCC 6 defaults to USE="pie ssp" > Author: Matthias Maier > Content-Type: text/plain > Posted: 2017-05-07 > Revision: 1 > News-Item-Format: 1.0 > Display-If-Installed: >=sys-devel/gcc-6.3.0 >

[gentoo-dev] Re: [PATCH] toolchain.eclass: add DEPEND to dev-libs/boehm-gc, bug #617788

2017-05-09 Thread Luca Barbato
On 5/9/17 7:15 PM, Matthias Maier wrote: > sys-devel/gcc-7.1.0 requires external dev-libs/boehm-gc, the internal > copy got removed [1]. > > [1] https://gcc.gnu.org/viewcvs/gcc?view=revision=242985 > --- > eclass/toolchain.eclass | 6 ++ > 1 file changed, 6 insertions(+) > > diff --git

[gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
Title: GCC 6 defaults to USE="pie ssp" Author: Matthias Maier Content-Type: text/plain Posted: 2017-05-07 Revision: 1 News-Item-Format: 1.0 Display-If-Installed: >=sys-devel/gcc-6.3.0 Display-If-Keyword: amd64 In Gentoo, several GCC features can be default disabled or enabled

[gentoo-dev] [PATCH] toolchain.eclass: add DEPEND to dev-libs/boehm-gc, bug #617788

2017-05-09 Thread Matthias Maier
sys-devel/gcc-7.1.0 requires external dev-libs/boehm-gc, the internal copy got removed [1]. [1] https://gcc.gnu.org/viewcvs/gcc?view=revision=242985 --- eclass/toolchain.eclass | 6 ++ 1 file changed, 6 insertions(+) diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass index

Re: [gentoo-portage-dev] [PATCH] file_copy: replace loff_t with off_t for portability (bug 617778)

2017-05-09 Thread Zac Medico
On Tue, May 9, 2017 at 9:18 AM, Brian Dolbec wrote: > On Sun, 7 May 2017 16:50:40 -0700 > Zac Medico wrote: > > > The loff_t type is a GNU extension, so use the portable off_t > > type instead. Also, enable Large File Support macros in setup.py, > > for

Re: [gentoo-portage-dev] [PATCH] file_copy: replace loff_t with off_t for portability (bug 617778)

2017-05-09 Thread Brian Dolbec
On Sun, 7 May 2017 16:50:40 -0700 Zac Medico wrote: > The loff_t type is a GNU extension, so use the portable off_t > type instead. Also, enable Large File Support macros in setup.py, > for 64-bit offsets. > > Reported-by: Patrick Steinhardt > X-Gentoo-bug:

Re: [gentoo-dev] Dropping ia64/ppc/sparc profiles to dev/exp

2017-05-09 Thread Michael Orlitzky
On 05/09/2017 09:36 AM, Anthony G. Basile wrote: > > Perhaps I'm missing the issue, but can you just follow the dependencies > and drop keywords accordingly so the tree remains consistent. > If we can make it policy that I'm allowed to edit a bunch of other peoples' packages and de-keyword

Re: [gentoo-dev] Dropping ia64/ppc/sparc profiles to dev/exp

2017-05-09 Thread Ultrabug
On 08/05/2017 15:49, Michał Górny wrote: > On 8 May 2017 15:27:18 CEST, Dirkjan Ochtman > wrote: >> On Mon, May 8, 2017 at 12:49 PM, Mikle Kolyada >> wrote: >>> Against. Do not touch things you are not

Re: [gentoo-dev] Dropping ia64/ppc/sparc profiles to dev/exp

2017-05-09 Thread Anthony G. Basile
On 5/9/17 8:33 AM, Michael Orlitzky wrote: > On 05/09/2017 04:12 AM, Rich Freeman wrote: >> On Tue, May 9, 2017 at 12:23 AM, Yury German wrote: >>> >>> we can not call for cleanup or release the GLSA, >>> waiting for a stabilization of a non-core package, while the actual

Re: [gentoo-dev] Dropping ia64/ppc/sparc profiles to dev/exp

2017-05-09 Thread Michael Orlitzky
On 05/09/2017 04:12 AM, Rich Freeman wrote: > On Tue, May 9, 2017 at 12:23 AM, Yury German wrote: >> >> we can not call for cleanup or release the GLSA, >> waiting for a stabilization of a non-core package, while the actual >> package has been in a tree in ~arch status for

Re: [gentoo-dev] Dropping ia64/ppc/sparc profiles to dev/exp

2017-05-09 Thread Anthony G. Basile
On 5/9/17 8:01 AM, Thomas Deutschmann wrote: > On 2017-05-09 10:12, Rich Freeman wrote: >> Why not? If an arch is considered a non-security-supported arch >> then you would just ignore it in a security bug. > > We dropped security coverage already for ia64 and are in the process to > drop it for

Re: [gentoo-dev] Dropping ia64/ppc/sparc profiles to dev/exp

2017-05-09 Thread Thomas Deutschmann
On 2017-05-09 10:12, Rich Freeman wrote: > Why not? If an arch is considered a non-security-supported arch > then you would just ignore it in a security bug. We dropped security coverage already for ia64 and are in the process to drop it for sparc as well. So how do you want to cleanup a

Re: [gentoo-dev] Dropping ia64/ppc/sparc profiles to dev/exp

2017-05-09 Thread Rich Freeman
On Tue, May 9, 2017 at 12:23 AM, Yury German wrote: > > we can not call for cleanup or release the GLSA, > waiting for a stabilization of a non-core package, while the actual > package has been in a tree in ~arch status for weeks or months. Why not? If an arch is