From d1106991fd2320054043a5ac32d8092152092903 Mon Sep 17 00:00:00 2001 From: inference Date: Tue, 17 Jan 2023 01:27:42 +0000 Subject: [PATCH] Remove FORTIFY_SOURCE since it is not compatible with or used by musl libc. Switch stack protector from all to strong since strong covers the entire practical stack smashing protection threat model. Sort compiler hardening flags A-Z. Sort linker hardening flags A-Z. --- portage/env/gcc-nolto-nopie.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/portage/env/gcc-nolto-nopie.conf b/portage/env/gcc-nolto-nopie.conf index 10a28cd..473e136 100644 --- a/portage/env/gcc-nolto-nopie.conf +++ b/portage/env/gcc-nolto-nopie.conf @@ -3,7 +3,7 @@ # Copyright 2022-2023 Inference # SPDX-License-Identifier: BSD-3-Clause-Clear -# Version: 1.0.0.2 +# Version: 2.0.0.3 # Toolchain. @@ -23,8 +23,8 @@ STRIP="strip" # Flags ## Hardening flags -C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -fwrapv" -LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro" +C_SEC="-fPIC -fstack-clash=protection -fstack-protector-strong -fwrapv" +LD_SEC="-Wl,-z,defs -Wl,-z,now -Wl,-z,relro -Wl,--strip-all" ## Compiler flags CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__ ${C_SEC}" CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}"