There is an updated pull request by oreo639 against master on the void-packages repository https://github.com/oreo639/void-packages libssp https://github.com/void-linux/void-packages/pull/41294 gcc: disable libssp There is also the following simplified PR that simply reverts the primary offending commit without removing the libssp package (this will prevent new glibc cross packages from depending on libssp): https://github.com/void-linux/void-packages/pull/41229 It can be verified using: `XBPS_TARGET_ARCH=... xbps-query -MRX libssp --repository=https://repo-default.voidlinux.org/current/aarch64/musl/ --repository=https://repo-default.voidlinux.org/current/musl/ --repository=https://repo-default.voidlinux.org/current/aarch64/` #### Testing the changes - I tested the changes in this PR: **briefly** There is no reason to have libssp when it is already implemented in the libc. Most distros don't ship it (i.e. Fedora, Arch, Debian, Alpine, etc), for example, Debian stopped shipping it after gcc 4.2. It also breaks qemu-user-static due to function/symbol redefinition errors between glibc and libssp. libssp mostly exists as a fallback implementation. According to Rich Felker: https://gcc.gnu.org/legacy-ml/gcc/2020-01/msg00459.html Q: Should gcc stop trying use musl on i386/powerpc here: ... and fall back to libssp instead? > Absolutely not. libssp is unsafe and creates new vulns/attack surface by doing introspective stuff after the process is already *known to be* in a compromised state. It should never be used. musl's __stack_chk_fail is safe and terminates immediately. [ci skip] Necessary rebuilds x86_64{,-musl} & i686: - [x] sox - [x] stlink aarch64: - [x] PrismLauncher-6.0_1 - [x] dovecot-2.3.20_1 - [x] dovecot-plugin-ldap-2.3.20_1 - [x] dovecot-plugin-lucene-2.3.20_1 - [x] dovecot-plugin-mysql-2.3.20_1 - [x] dovecot-plugin-pgsql-2.3.20_1 - [x] dovecot-plugin-pigeonhole-0.5.20_1 - [x] dovecot-plugin-pigeonhole-ldap-0.5.20_1 - [x] dovecot-plugin-sqlite-2.3.20_1 - [x] dqlite-1.13.0_1 - [x] libssp-devel-12.2.0_1 - [x] libsvt-av1-1.4.1_1 - [x] perf-5.10.4_10 - [x] powertop-2.14_2 - [x] raft-0.16.0_1 - [x] svt-av1-1.4.1_1 - [x] thunderbird-102.6.1_1 - [x] tmon-5.10.4_10 - [x] tor-0.4.7.12_1 armv{6,7}l: - [x] dovecot-2.3.20_1 - [x] dovecot-plugin-ldap-2.3.20_1 - [x] dovecot-plugin-lucene-2.3.20_1 - [x] dovecot-plugin-mysql-2.3.20_1 - [x] dovecot-plugin-pgsql-2.3.20_1 - [x] dovecot-plugin-pigeonhole-0.5.20_1 - [x] dovecot-plugin-pigeonhole-ldap-0.5.20_1 - [x] dovecot-plugin-sqlite-2.3.20_1 - [x] dqlite-1.13.0_1 - [x] perf-5.10.4_10 - [x] powertop-2.14_2 - [x] raft-0.16.0_1 - [x] tmon-5.10.4_10 - [x] tor-0.4.7.12_1 armv{6,7}-musll: - [x] AusweisApp2-1.24.1_1 - [x] OTPClient-2.4.8_1 - [x] avahi-qt5-libs-0.8_5 - [x] avahi-ui-libs-0.8_5 - [x] avahi-ui-libs-gtk3-0.8_5 - [x] avahi-ui-utils-0.8_5 - [x] bitcoin-22.0_2 - [x] bitcoin-qt-22.0_2 - [x] botan-2.19.2_2 - [x] cJSON-1.7.15_1 - [x] csync-0.50.0_5 - [x] cups-2.4.2_1 - [x] davfs2-1.6.1_1 - [x] di-4.51_1 - [x] dislocker-0.7.3_1 - [x] dovecot-2.3.20_1 - [x] dovecot-plugin-ldap-2.3.20_1 - [x] dovecot-plugin-lucene-2.3.20_1 - [x] dovecot-plugin-mysql-2.3.20_1 - [x] dovecot-plugin-pgsql-2.3.20_1 - [x] dovecot-plugin-pigeonhole-0.5.20_1 - [x] dovecot-plugin-pigeonhole-ldap-0.5.20_1 - [x] dovecot-plugin-sqlite-2.3.20_1 - [x] dqlite-1.13.0_1 - [x] elogind-246.10_2 - [x] flac-1.3.4_1 - [x] fwknop-2.6.10_2 - [x] fwknopd-2.6.10_2 - [x] inkscape-1.1.1_5 - [x] keepalived-2.2.7_1 - [x] keepassxc-2.7.4_1 - [x] kitty-0.26.3_2 - [x] kmscon-8_7 - [x] kstars-3.6.0_2 - [x] libcotp-1.2.4_1 - [x] libcups-2.4.2_1 - [x] libelogind-246.10_2 - [x] libfko-2.6.10_2 - [x] libflac-1.3.4_1 - [x] libhtp-0.5.36_1 - [x] libknet1-1.24_1 - [x] libmariadbclient-10.5.10_3 - [x] libnozzle1-1.24_1 - [x] libressl-netcat-3.6.1_1 - [x] libssp-devel-12.2.0_1 - [x] libswtpm-0.7.3_1 - [x] libtls-3.6.1_1 - [x] libtpm2-totp-0.3.0_1 - [x] libtpms-0.9.4_1 - [x] libvlc-3.0.18_2 - [x] libxbps-0.59.1_7 - [x] libykcs11-2.1.1_2 - [x] libykpiv-2.1.1_2 - [x] litecoin-0.18.1_8 - [x] lldpd-1.0.11_2 - [x] mariadb-10.5.10_3 - [x] massdns-1.0.0_1 - [x] mksh-R59c_1 - [x] mkvtoolnix-72.0.0_1 - [x] mkvtoolnix-gui-72.0.0_1 - [x] monero-0.18.1.2_1 - [x] monero-gui-0.18.1.2_1 - [x] monit-5.32.0_1 - [x] mosh-1.4.0_2 - [x] mozjs102-102.5.0_1 - [x] mozjs78-78.9.0_5 - [x] mozjs91-91.7.1_2 - [x] msg2-1.2.0_2 - [x] namecoin-0.18.1_6 - [x] navit-0.5.6_3 - [x] ngircd-26_2 - [x] ntp-4.2.8p15_5 - [x] openjdk8-jre-8u322b04_3 - [x] openssh-9.1p1_2 - [x] openssh-sk-helper-9.1p1_2 - [x] p0f-3.09b_3 - [x] pam_ssh_agent_auth-0.10.3_3 - [x] pax-20201030_1 - [x] perf-5.10.4_10 - [x] powertop-2.14_2 - [x] qemu-7.1.0_1 - [x] qemu-ga-7.1.0_1 - [x] qemu-user-static-7.1.0_1 - [x] qtox-1.17.6_1 - [x] raft-0.16.0_1 - [x] ruby-3.1.3_1 - [x] sox-14.4.2_5 - [x] stunnel-5.66_1 - [x] sudo-1.9.11p3_1 - [x] swirc-3.3.8_1 - [x] swtpm-0.7.3_1 - [x] tcltls-1.7.22_1 - [x] testdisk-7.1_3 - [x] thc-hydra-9.1_4 - [x] tini-0.19.0_1 - [x] tinyssh-20220801_1 - [x] tlsdate-0.0.13_15 - [x] tmon-5.10.4_10 - [x] tor-0.4.7.12_1 - [x] tpm2-tools-5.4_1 - [x] tpm2-totp-0.3.0_1 - [x] tpm2-tss-3.2.0_1 - [x] vlc-3.0.18_2 - [x] vte3-0.70.1_1 - [x] vte3-gtk4-0.70.1_1 - [x] wesnoth-1.16.6_1 - [x] xbps-0.59.1_7 - [x] xbps-tests-0.59.1_7 - [x] xnec2c-4.4.12_1 - [x] yubico-piv-tool-2.1.1_2 - [x] zmap-2.1.1_5 aarch64-musl: same as aarch64 and armv{6,7}-musl combined. A patch file from https://github.com/void-linux/void-packages/pull/41294.patch is attached