Re: [gentoo-dev] Re: News item for hardened profile about gcc.
On Sun, Oct 24, 2010 at 3:34 AM, Duncan 1i5t5.dun...@cox.net wrote:

> Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:
>
> > Display-If-Install: sys-devel/gcc-4.4
>
> Typo: Display-If-Installed:
>                         ^^
>
> Meanwhile, the title reflects hardened profiles, but the updated
> conditions aren't viewed only on hardened. The no-support-for-gcc-4
> policy would seem reasonable for most profiles (don't know about the
> exotic archs). Either the title should be updated to reflect that it
> applies in general (not just on hardened), or the condition to display
> only on hardened should be maintained.
>
> Either way, making it clearer in the body as well would be wise, so
> people seeing it only on hardened (if it applies only to them, for
> example) will have less chance of missing that, if they have regular
> installs as well.
>
> But I don't remember whether multiple conditions are ANDed or ORed;
> they should be ANDed here, if it's to apply to ONLY hardened with
> gcc-4.4 installed.
>
> --
> Duncan - List replies preferred. No HTML msgs.
> Every nonfree program has a lord, a master --
> and if you use the program, he is your master. Richard Stallman

Hi all,

After reading this post I went to Wikipedia to read about the SSP.
http://en.wikipedia.org/wiki/Buffer_overflow_protection

At the paragraph GCC Stack-Smashing Protector (ProPolice), it's written:

    It was implemented as a patch to GCC 3.x; a less intrusive
    reimplementation is included in the GCC 4.1 release. Currently, SSP
    is standard in OpenBSD, FreeBSD (since 8.0), Ubuntu (since 8.04
    LTS[3]), and DragonFly BSD. It is also available in NetBSD (enabled
    by default on x86), Debian and Gentoo, disabled by default.

Now this should be changed, if the SSP flag is becoming default.

Regards,
Kfir
Re: [gentoo-dev] Re: News item for hardened profile about gcc.
On Sun, 24 Oct 2010, Magnus Granberg wrote:

> Title: Info on GCC 4.4.4-r2 and GCC 3.X on Hardened profiles

Too long. Maximum is 44 characters for the Title, according to GLEP 42.

> Revision: 1.1

This should always start with 1 (and it's one integer number).

> Display-If-Install: sys-devel/gcc-4.4

s/Install/Installed/

Ulrich
Re: [gentoo-dev] Re: News item for hardened profile about gcc.
On Sunday 24 October 2010 10.04.34 Kfir Lavi wrote:

> On Sun, Oct 24, 2010 at 3:34 AM, Duncan 1i5t5.dun...@cox.net wrote:
>
> > Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:
> >
> > > Display-If-Install: sys-devel/gcc-4.4
> >
> > Typo: Display-If-Installed:
> >                         ^^
> >
> > Meanwhile, the title reflects hardened profiles, but the updated
> > conditions aren't viewed only on hardened. The no-support-for-gcc-4
> > policy would seem reasonable for most profiles (don't know about the
> > exotic archs). Either the title should be updated to reflect that it
> > applies in general (not just on hardened), or the condition to display
> > only on hardened should be maintained.
> >
> > Either way, making it clearer in the body as well would be wise, so
> > people seeing it only on hardened (if it applies only to them, for
> > example) will have less chance of missing that, if they have regular
> > installs as well.
> >
> > But I don't remember whether multiple conditions are ANDed or ORed;
> > they should be ANDed here, if it's to apply to ONLY hardened with
> > gcc-4.4 installed.
> >
> > --
> > Duncan - List replies preferred. No HTML msgs.
> > Every nonfree program has a lord, a master --
> > and if you use the program, he is your master. Richard Stallman
>
> Hi all,
>
> After reading this post I went to Wikipedia to read about the SSP.
> http://en.wikipedia.org/wiki/Buffer_overflow_protection
>
> At the paragraph GCC Stack-Smashing Protector (ProPolice), it's written:
>
>     It was implemented as a patch to GCC 3.x; a less intrusive
>     reimplementation is included in the GCC 4.1 release. Currently, SSP
>     is standard in OpenBSD, FreeBSD (since 8.0), Ubuntu (since 8.04
>     LTS[3]), and DragonFly BSD. It is also available in NetBSD (enabled
>     by default on x86), Debian and Gentoo, disabled by default.
>
> Now this should be changed, if the SSP flag is becoming default.
>
> Regards,
> Kfir

Updated the news item.
Thanks for the notes Duncan.

@Kfir
It is only the hardened gcc that has the SSP enabled as default.
We can add that Gentoo (Hardened) has it enabled.

/Magnus

Title: Info about GCC on Hardened profiles
Author: Magnus Granberg zo...@gentoo.org
Content-Type: text/plain
Posted: 2010-10-27
Revision: 3
News-Item-Format: 1.0
Display-If-Installed: sys-devel/gcc-4.4 and hardened

GCC 4.4.4-r2 is now stable in the hardened profiles (on x86 and amd64 as
of 2010-10-24, other architectures will follow later).

Starting from this version, SSP support is enabled by default for the
architectures it is supported on (namely x86, amd64, ppc, ppc64 and
arm). Previously, GCC 4.3.4 had SSP support but it was not enabled by
default.

Older GCC versions in the hardened profiles, such as the GCC 3.x series
will be obsoleted, problems arising on those versions, but not applying
to GCC 4.4.4-r2 will not be fixed, so please update to the new version.
Re: [gentoo-dev] Re: News item for hardened profile about gcc.
On Sun, Oct 24, 2010 at 11:31 AM, Magnus Granberg zo...@gentoo.org wrote:

> On Sunday 24 October 2010 10.04.34 Kfir Lavi wrote:
>
> > On Sun, Oct 24, 2010 at 3:34 AM, Duncan 1i5t5.dun...@cox.net wrote:
> >
> > > Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:
> > >
> > > > Display-If-Install: sys-devel/gcc-4.4
> > >
> > > Typo: Display-If-Installed:
> > >                         ^^
> > >
> > > Meanwhile, the title reflects hardened profiles, but the updated
> > > conditions aren't viewed only on hardened. The no-support-for-gcc-4
> > > policy would seem reasonable for most profiles (don't know about the
> > > exotic archs). Either the title should be updated to reflect that it
> > > applies in general (not just on hardened), or the condition to display
> > > only on hardened should be maintained.
> > >
> > > Either way, making it clearer in the body as well would be wise, so
> > > people seeing it only on hardened (if it applies only to them, for
> > > example) will have less chance of missing that, if they have regular
> > > installs as well.
> > >
> > > But I don't remember whether multiple conditions are ANDed or ORed;
> > > they should be ANDed here, if it's to apply to ONLY hardened with
> > > gcc-4.4 installed.
> > >
> > > --
> > > Duncan - List replies preferred. No HTML msgs.
> > > Every nonfree program has a lord, a master --
> > > and if you use the program, he is your master. Richard Stallman
> >
> > Hi all,
> >
> > After reading this post I went to Wikipedia to read about the SSP.
> > http://en.wikipedia.org/wiki/Buffer_overflow_protection
> >
> > At the paragraph GCC Stack-Smashing Protector (ProPolice), it's written:
> >
> >     It was implemented as a patch to GCC 3.x; a less intrusive
> >     reimplementation is included in the GCC 4.1 release. Currently, SSP
> >     is standard in OpenBSD, FreeBSD (since 8.0), Ubuntu (since 8.04
> >     LTS[3]), and DragonFly BSD. It is also available in NetBSD (enabled
> >     by default on x86), Debian and Gentoo, disabled by default.
> >
> > Now this should be changed, if the SSP flag is becoming default.
> >
> > Regards,
> > Kfir
>
> Updated the news item.
> Thanks for the notes Duncan.
>
> @Kfir
> It is only the hardened gcc that has the SSP enabled as default.
> We can add that Gentoo (Hardened) has it enabled.
>
> /Magnus

Ok, I have modified the SSP section in Wikipedia.

Regards,
Kfir
Re: [gentoo-dev] Re: News item for hardened profile about gcc.
On Sun, 24 Oct 2010, Magnus Granberg wrote:

> Display-If-Installed: sys-devel/gcc-4.4 and hardened

If I understand portage's logic correctly, then this header will not
work. But you can use Display-If-Installed for the dependency atom and
Display-If-Profile for the profile. Headers of different type will be
linked by a logical and.

> Revision: 3

This should still be 1. Revision should be increased only for changes to
an already committed news item, not during discussion.

Ulrich
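
The header checks Ulrich raises in his two replies (Title at most 44 characters, Revision a single integer, the misspelled Display-If-Install, one value per Display-If-* header, headers of different type ANDed), as an added example that is not part of the original thread and is not portage's code. The function names, the prefix matching of atoms and profile paths, and the package and profile names used to exercise it are assumptions for illustration; the OR across repeated headers of one type comes from GLEP 42, not from the thread.

```python
import re

KNOWN = {"Title", "Author", "Translator", "Content-Type", "Posted", "Revision",
         "News-Item-Format", "Display-If-Installed", "Display-If-Keyword",
         "Display-If-Profile"}  # header names defined by GLEP 42

def parse_headers(text):
    """(name, value) pairs from the header block, which ends at the first blank line."""
    head = text.strip().split("\n\n", 1)[0]
    return [tuple(part.strip() for part in line.split(":", 1))
            for line in head.splitlines() if ":" in line]

def lint(headers):
    """Checks raised in the thread; returns one message per problem found."""
    problems = []
    for name, value in headers:
        if name not in KNOWN:
            problems.append(f"unknown header: {name}")
        elif name == "Title" and len(value) > 44:
            problems.append(f"Title is {len(value)} chars, max 44")
        elif name == "Revision" and not re.fullmatch(r"[0-9]+", value):
            problems.append(f"Revision must be one integer: {value}")
        elif name.startswith("Display-If-") and len(value.split()) != 1:
            problems.append(f"{name} takes one value: {value}")
    return problems

def is_relevant(headers, installed, profile):
    """Different Display-If-* types are ANDed; repeats of one type are ORed (GLEP 42)."""
    by_type = {}
    for name, value in headers:
        if name == "Display-If-Installed":  # assumption: prefix match, not real atom matching
            hit = any(pkg.startswith(value) for pkg in installed)
        elif name == "Display-If-Profile":  # assumption: prefix match on the profile path
            hit = profile.startswith(value)
        else:
            continue
        by_type[name] = by_type.get(name, False) or hit
    return all(by_type.values())

# Abridged header blocks of the first and the last draft posted in this thread.
FIRST = """Title: Info on GCC 4.4.4-r2 and GCC 3.X on Hardened profiles
Revision: 1.1
Display-If-Install: sys-devel/gcc-4.4"""
FINAL = """Title: Info about GCC on Hardened profiles
Revision: 1
Display-If-Installed: sys-devel/gcc-4.4
Display-If-Profile: hardened/linux"""

print(lint(parse_headers(FIRST)))
```

The lint cannot check the other Revision rule from the thread (stay at 1 until the item is committed), since that depends on repository history rather than on the file.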
Re: [gentoo-dev] Re: News item for hardened profile about gcc.
On Sunday 24 October 2010 12.04.13 Ulrich Mueller wrote:

> On Sun, 24 Oct 2010, Magnus Granberg wrote:
>
> > Display-If-Installed: sys-devel/gcc-4.4 and hardened
>
> If I understand portage's logic correctly, then this header will not
> work. But you can use Display-If-Installed for the dependency atom and
> Display-If-Profile for the profile. Headers of different type will be
> linked by a logical and.
>
> > Revision: 3
>
> This should still be 1. Revision should be increased only for changes to
> an already committed news item, not during discussion.
>
> Ulrich

Updated
Thanks Ulrich for the notes.

/Magnus

Title: Info about GCC on Hardened profiles
Author: Magnus Granberg zo...@gentoo.org
Content-Type: text/plain
Posted: 2010-10-27
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: sys-devel/gcc-4.4
Display-If-Profile: hardened/linux

GCC 4.4.4-r2 is now stable in the hardened profiles (on x86 and amd64 as
of 2010-10-24, other architectures will follow later).

Starting from this version, SSP support is enabled by default for the
architectures it is supported on (namely x86, amd64, ppc, ppc64 and
arm). Previously, GCC 4.3.4 had SSP support but it was not enabled by
default.

Older GCC versions in the hardened profiles, such as the GCC 3.x series
will be obsoleted, problems arising on those versions, but not applying
to GCC 4.4.4-r2 will not be fixed, so please update to the new version.
[gentoo-dev] Re: News item for hardened profile about gcc.
On Sun, 24/10/2010 at 02.28 +0200, Magnus Granberg wrote:

> You may have noticed that GCC 4.4.4-r2 has gone stable on x86 and
> amd64. The other archs will follow later. We have enabled SSP support
> by default on this and on newer versions for arches where it is
> supported, namely on x86, amd64, ppc, ppc64 and arm. The previous
> version GCC 4.3.4 had SSP, but it was not enabled by default. Older
> gcc's like 3.X versions will be obsoleted and we will not fix any bugs
> that work on GCC-4.4.4-r2 or newer, but fail with gcc 3.X.

I'd suggest updating it to

Display-If-Installed: sys-devel/gcc-4.4

GCC 4.4.4-r2 is now stable (on x86 and amd64 as of 2010-10-24, other
architectures will follow later).

Starting from this version, SSP support is enabled by default for the
architectures it is supported on (namely x86, amd64, ppc, ppc64 and
arm). Previously, GCC 4.3.4 had SSP support but it was not enabled by
default.

Older GCC versions, such as the GCC 3.x series will be obsoleted;
problems arising on those versions, but not applying to GCC 4.4.4-r2
will not be fixed, so please update to the new version.

--
Diego Elio Pettenò — “Flameeyes”
http://blog.flameeyes.eu/

If you found a .asc file in this mail and know not what it is,
it's a GnuPG digital signature: http://www.gnupg.org/
Re: [gentoo-dev] Re: News item for hardened profile about gcc.
On Sunday 24 October 2010 02.44.00 Diego Elio Pettenò wrote:

> On Sun, 24/10/2010 at 02.28 +0200, Magnus Granberg wrote:
>
> > You may have noticed that GCC 4.4.4-r2 has gone stable on x86 and
> > amd64. The other archs will follow later. We have enabled SSP support
> > by default on this and on newer versions for arches where it is
> > supported, namely on x86, amd64, ppc, ppc64 and arm. The previous
> > version GCC 4.3.4 had SSP, but it was not enabled by default. Older
> > gcc's like 3.X versions will be obsoleted and we will not fix any bugs
> > that work on GCC-4.4.4-r2 or newer, but fail with gcc 3.X.
>
> I'd suggest updating it to
>
> Display-If-Installed: sys-devel/gcc-4.4
>
> GCC 4.4.4-r2 is now stable (on x86 and amd64 as of 2010-10-24, other
> architectures will follow later).
>
> Starting from this version, SSP support is enabled by default for the
> architectures it is supported on (namely x86, amd64, ppc, ppc64 and
> arm). Previously, GCC 4.3.4 had SSP support but it was not enabled by
> default.
>
> Older GCC versions, such as the GCC 3.x series will be obsoleted;
> problems arising on those versions, but not applying to GCC 4.4.4-r2
> will not be fixed, so please update to the new version.

Thanks for the notes
Have updated the news item with those changes.

/Magnus (Zorry)

Title: Info on GCC 4.4.4-r2 and GCC 3.X on Hardened profiles
Author: Magnus Granberg zo...@gentoo.org
Content-Type: text/plain
Posted: 2010-10-27
Revision: 1.1
News-Item-Format: 1.0
Display-If-Install: sys-devel/gcc-4.4

GCC 4.4.4-r2 is now stable (on x86 and amd64 as of 2010-10-24, other
architectures will follow later).

Starting from this version, SSP support is enabled by default for the
architectures it is supported on (namely x86, amd64, ppc, ppc64 and
arm). Previously, GCC 4.3.4 had SSP support but it was not enabled by
default.

Older GCC versions, such as the GCC 3.x series will be obsoleted;
problems arising on those versions, but not applying to GCC 4.4.4-r2
will not be fixed, so please update to the new version.
[gentoo-dev] Re: News item for hardened profile about gcc.
Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:

> Display-If-Install: sys-devel/gcc-4.4

Typo: Display-If-Installed:
                        ^^

Meanwhile, the title reflects hardened profiles, but the updated
conditions aren't viewed only on hardened. The no-support-for-gcc-4
policy would seem reasonable for most profiles (don't know about the
exotic archs). Either the title should be updated to reflect that it
applies in general (not just on hardened), or the condition to display
only on hardened should be maintained.

Either way, making it clearer in the body as well would be wise, so
people seeing it only on hardened (if it applies only to them, for
example) will have less chance of missing that, if they have regular
installs as well.

But I don't remember whether multiple conditions are ANDed or ORed;
they should be ANDed here, if it's to apply to ONLY hardened with
gcc-4.4 installed.

--
Duncan - List replies preferred. No HTML msgs.
Every nonfree program has a lord, a master --
and if you use the program, he is your master. Richard Stallman