From: sgn <sgn@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Merged]: gcc: disable libssp
Date: Sun, 12 Feb 2023 07:05:30 +0100 [thread overview]
Message-ID: <20230212060530.XlqLj3PgwJyBke7mqNQKJK0dLKYuf6T8vYVcdj96rXQ@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-41294@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 2698 bytes --]
There's a merged pull request on the void-packages repository
gcc: disable libssp
https://github.com/void-linux/void-packages/pull/41294
Description:
<!-- Uncomment relevant sections and delete options which are not applicable -->
~~NOTE: Before this PR can be merged https://github.com/void-linux/void-packages/pull/41229 should be merged first and the cross compilers should finish building completely before this PR is merged.~~ Done.
It can be verified using:
`XBPS_TARGET_ARCH=... xbps-query -MRX libssp --repository=https://repo-default.voidlinux.org/current/aarch64/musl/ --repository=https://repo-default.voidlinux.org/current/musl/ --repository=https://repo-default.voidlinux.org/current/aarch64/`
Edit: I wrote a script here https://gist.github.com/oreo639/ba4dd28e022681467b1239f5375624c8
#### Testing the changes
- I tested the changes in this PR: **briefly**
There is no reason to have libssp when it is already implemented in the libc.
Most distros don't ship it (i.e. Fedora, Arch, Debian, Alpine, etc), for example, Debian stopped shipping it after gcc 4.2.
It also breaks qemu-user-static due to function/symbol redefinition errors between glibc and libssp.
libssp mostly exists as a fallback implementation.
According to Rich Felker:
https://gcc.gnu.org/legacy-ml/gcc/2020-01/msg00459.html
Q: Should gcc stop trying use musl on i386/powerpc here: ... and fall back to libssp instead?
> Absolutely not. libssp is unsafe and creates new vulns/attack surface by doing introspective stuff after the process is already *known to be* in a compromised state. It should never be used. musl's __stack_chk_fail is safe and terminates immediately.
All the packages that are bumped in this PR have been compiled. The following needed some changes to fix building:
+ ~~csync~~ (removed package)
+ ~~libtls~~ (already updated)
+ mozjs91
+ mozjs78
+ qemu-user-static
[ci skip]
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
prev parent reply other threads:[~2023-02-12 6:05 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-26 2:16 [PR PATCH] " oreo639
2022-12-26 2:34 ` [PR PATCH] [Updated] " oreo639
2022-12-26 7:26 ` oreo639
2022-12-26 7:57 ` oreo639
2022-12-26 8:07 ` oreo639
2022-12-26 8:22 ` oreo639
2022-12-26 8:29 ` oreo639
2022-12-26 8:43 ` oreo639
2022-12-26 8:54 ` oreo639
2022-12-26 9:04 ` oreo639
2022-12-26 9:19 ` oreo639
2022-12-26 11:47 ` oreo639
2022-12-26 21:42 ` oreo639
2022-12-26 23:30 ` oreo639
2022-12-27 1:53 ` oreo639
2022-12-27 5:18 ` oreo639
2022-12-27 7:10 ` oreo639
2022-12-27 8:40 ` oreo639
2022-12-27 17:17 ` [PR REVIEW] " paper42
2022-12-27 22:29 ` oreo639
2022-12-27 22:30 ` oreo639
2022-12-27 22:32 ` [PR PATCH] [Updated] " oreo639
2023-01-09 16:24 ` oreo639
2023-01-09 16:28 ` oreo639
2023-01-09 17:47 ` oreo639
2023-01-09 18:19 ` oreo639
2023-01-17 2:37 ` [PR REVIEW] " CameronNemo
2023-01-17 2:40 ` CameronNemo
2023-01-17 2:42 ` oreo639
2023-01-17 2:43 ` oreo639
2023-01-17 2:44 ` oreo639
2023-01-17 2:45 ` oreo639
2023-01-17 2:45 ` oreo639
2023-01-17 2:46 ` oreo639
2023-01-17 2:53 ` oreo639
2023-01-17 2:53 ` oreo639
2023-01-17 2:56 ` CameronNemo
2023-01-21 2:03 ` [PR PATCH] [Updated] " oreo639
2023-01-21 2:04 ` [PR REVIEW] " oreo639
2023-01-21 17:37 ` [PR PATCH] [Updated] " oreo639
2023-01-22 5:59 ` [PR REVIEW] " sgn
2023-01-22 7:27 ` [PR PATCH] [Updated] " oreo639
2023-02-05 23:34 ` oreo639
2023-02-12 3:36 ` oreo639
2023-02-12 5:35 ` sgn
2023-02-12 6:04 ` sgn
2023-02-12 6:05 ` sgn
2023-02-12 6:05 ` sgn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230212060530.XlqLj3PgwJyBke7mqNQKJK0dLKYuf6T8vYVcdj96rXQ@z \
--to=sgn@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).