[gentoo-commits] data/gentoo-news:master commit in: 2023-01-01-hardening-fortify-assertions/

2023-01-14 Thread Sam James
commit: a49aa1b25808f0e08157406a45560e3b7efba275
Author: Sam James  gentoo  org>
AuthorDate: Sat Jan 14 23:05:23 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Jan 14 23:05:23 2023 +
URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=a49aa1b2

2023-01-01-hardening-fortify-assertions: add missing hardened (SELinux) profiles

Thanks-to: Oskari Pirhonen  gmail.com>
Signed-off-by: Sam James  gentoo.org>

 .../2023-01-01-hardening-fortify-assertions.en.txt | 26 ++
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
index f0aab21..847e968 100644
--- 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
+++ 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
@@ -5,21 +5,29 @@ Revision: 2
 News-Item-Format: 2.0
 Display-If-Installed: sys-devel/gcc[hardened]
 Display-If-Profile: features/hardened
-Display-If-Profile: default/linux/ppc64le/17.0/musl/hardened
-Display-If-Profile: default/linux/ppc/17.0/musl/hardened
-Display-If-Profile: default/linux/amd64/17.0/no-multilib/hardened
-Display-If-Profile: default/linux/amd64/17.0/hardened
 Display-If-Profile: default/linux/amd64/17.0/musl/hardened
+Display-If-Profile: default/linux/amd64/17.0/musl/hardened/selinux
 Display-If-Profile: default/linux/amd64/17.1/hardened
+Display-If-Profile: default/linux/amd64/17.1/hardened/selinux
 Display-If-Profile: default/linux/amd64/17.1/no-multilib/hardened
-Display-If-Profile: default/linux/x86/17.0/hardened
-Display-If-Profile: default/linux/arm/17.0/musl/armv7a/hardened
-Display-If-Profile: default/linux/arm/17.0/musl/armv6j/hardened
-Display-If-Profile: default/linux/arm/17.0/armv7a/hardened
+Display-If-Profile: default/linux/amd64/17.1/no-multilib/hardened/selinux
 Display-If-Profile: default/linux/arm/17.0/armv6j/hardened
-Display-If-Profile: default/linux/ppc64/17.0/musl/hardened
+Display-If-Profile: default/linux/arm/17.0/armv7a/hardened
+Display-If-Profile: default/linux/arm/17.0/armv7a/hardened/selinux
+Display-If-Profile: default/linux/arm/17.0/armv7a/hardened/selinux
+Display-If-Profile: default/linux/arm/17.0/musl/armv6j/hardened
+Display-If-Profile: default/linux/arm/17.0/musl/armv6j/hardened/selinux
+Display-If-Profile: default/linux/arm/17.0/musl/armv7a/hardened
+Display-If-Profile: default/linux/arm/17.0/musl/armv7a/hardened/selinux
 Display-If-Profile: default/linux/arm64/17.0/hardened
+Display-If-Profile: default/linux/arm64/17.0/hardened/selinux
 Display-If-Profile: default/linux/arm64/17.0/musl/hardened
+Display-If-Profile: default/linux/arm64/17.0/musl/hardened/selinux
+Display-If-Profile: default/linux/ppc/17.0/musl/hardened
+Display-If-Profile: default/linux/ppc64/17.0/musl/hardened
+Display-If-Profile: default/linux/ppc64le/17.0/musl/hardened
+Display-If-Profile: default/linux/x86/17.0/hardened
+Display-If-Profile: default/linux/x86/17.0/hardened/selinux
 
 Gentoo's hardened profiles are adopting two new modern toolchain hardening
 techniques:
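Review bot: the added armv7a SELinux entry appears twice in the arm block (`+Display-If-Profile: default/linux/arm/17.0/armv7a/hardened/selinux` on two consecutive lines), while `default/linux/arm/17.0/armv6j/hardened` is the only non-musl arm entry left without a `/selinux` counterpart. If an armv6j SELinux profile was intended, change one of the duplicates to it; otherwise drop the duplicate. The commit also re-sorts the existing entries in the same hunk, which hides this kind of slip; splitting the sort from the additions would make the real change easier to check.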



[gentoo-commits] data/gentoo-news:master commit in: 2023-01-01-hardening-fortify-assertions/

2023-01-01 Thread Sam James
commit: 6b8c798b7b8b2b2ea9cb833842c733c494ad0df2
Author: Sam James  gentoo  org>
AuthorDate: Sun Jan  1 22:10:25 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Jan  1 22:10:25 2023 +
URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=6b8c798b

2023-01-01-hardening-fortify-assertions: add Display-If-Installed: sys-devel/gcc[hardened]

Signed-off-by: Sam James  gentoo.org>

 .../2023-01-01-hardening-fortify-assertions.en.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
index ea3ac1b..f0aab21 100644
--- 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
+++ 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
@@ -1,8 +1,9 @@
 Title: Hardened profiles improvements
 Author: Sam James 
 Posted: 2023-01-01
-Revision: 1
+Revision: 2
 News-Item-Format: 2.0
+Display-If-Installed: sys-devel/gcc[hardened]
 Display-If-Profile: features/hardened
 Display-If-Profile: default/linux/ppc64le/17.0/musl/hardened
 Display-If-Profile: default/linux/ppc/17.0/musl/hardened
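Review bot: the new `Display-If-Installed: sys-devel/gcc[hardened]` header near the top of the hunk is not explained in the commit message, and it is not obvious how it is meant to combine with the existing `Display-If-Profile` lines. State the intent in the message: if the goal is to also reach users who build GCC with USE=hardened on a non-hardened profile, confirm that the header combination widens the audience rather than narrowing it to systems that match both a listed profile and the installed atom.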



[gentoo-commits] data/gentoo-news:master commit in: 2023-01-01-hardening-fortify-assertions/

2023-01-01 Thread Sam James
commit: 5f74f9d9698950a8204c22eddac11eb4654d260e
Author: Sam James  gentoo  org>
AuthorDate: Sun Jan  1 22:09:28 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Jan  1 22:09:28 2023 +
URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=5f74f9d9

2023-01-01-hardening-fortify-assertions: mention 'gcc-config latest'

Signed-off-by: Sam James  gentoo.org>

 .../2023-01-01-hardening-fortify-assertions.en.txt | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
index 3b2ff02..ea3ac1b 100644
--- 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
+++ 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
@@ -39,9 +39,10 @@ of these improvements early, before GCC 12 is marked stable.
 
 To fully take advantage of these new settings, GCC must first
 be upgraded, and then all packages must be re-emerged:
-1. emerge --sync
-2. emerge --verbose --oneshot ">=sys-devel/gcc-12.2.1_p20221231"
-3. emerge --verbose --emptytree @world
+1. # emerge --sync
+2. # emerge --verbose --oneshot ">=sys-devel/gcc-12.2.1_p20221231"
+3. # gcc-config latest
+4. # emerge --verbose --emptytree @world
 
 ## Troubleshooting
 
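Review bot: between the new step 3 (`# gcc-config latest`) and step 4 there is no check that the new compiler is actually the active one, and an `--emptytree @world` run with the old GCC still selected would rebuild everything without the new defaults. Consider adding a verification step such as `gcc-config -l` (or `gcc --version`) before step 4, and mention that an already running shell needs `. /etc/profile` to pick up the switch. The leading `# ` after the list numbers should also be introduced as a root prompt, or dropped, so it is not read as a comment marker.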



[gentoo-commits] data/gentoo-news:master commit in: 2023-01-01-hardening-fortify-assertions/

2023-01-01 Thread Sam James
commit: 55ff6471ce55a668602922eb922642d0a405b020
Author: Sam James  gentoo  org>
AuthorDate: Sun Jan  1 21:40:20 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Jan  1 21:40:20 2023 +
URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=55ff6471

2023-01-01-hardening-fortify-assertions: update GCC version

Signed-off-by: Sam James  gentoo.org>

 .../2023-01-01-hardening-fortify-assertions.en.txt  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
index dfe9127..3b2ff02 100644
--- 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
+++ 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
@@ -26,12 +26,12 @@ techniques:
 2. libstdc++ assertions (-D_GLIBCXX_ASSERTIONS) [1]
 
 These will both be enabled by default with USE=hardened on sys-devel/gcc
-for >=sys-devel/gcc-12.2.1_p20221224-r1.
+for >=sys-devel/gcc-12.2.1_p20221231.
 
 To view the existing list of hardening changes applied by the profiles,
 see the wiki [2].
 
-Stable users may wish to add sys-devel/gcc-12.2.1_p20221224-r1 into
+Stable users may wish to add sys-devel/gcc-12.2.1_p20221231 into
 /etc/portage/package.accept_keywords if they wish to take advantage
 of these improvements early, before GCC 12 is marked stable.
 
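Review bot: in the `package.accept_keywords` sentence, `sys-devel/gcc-12.2.1_p20221231` is a versioned atom without an operator, which Portage does not accept in that file. Write it as `=sys-devel/gcc-12.2.1_p20221231`, or as `>=sys-devel/gcc-12.2.1_p20221231` to match the line above and the migration step, so that later snapshots are accepted too. The same version string now has to be kept in sync in three places, as this commit shows.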
@@ -40,7 +40,7 @@ of these improvements early, before GCC 12 is marked stable.
 To fully take advantage of these new settings, GCC must first
 be upgraded, and then all packages must be re-emerged:
 1. emerge --sync
-2. emerge --verbose --oneshot ">=sys-devel/gcc-12.2.1_p20221224-r1"
+2. emerge --verbose --oneshot ">=sys-devel/gcc-12.2.1_p20221231"
 3. emerge --verbose --emptytree @world
 
 ## Troubleshooting



[gentoo-commits] data/gentoo-news:master commit in: 2023-01-01-hardening-fortify-assertions/

2023-01-01 Thread Sam James
commit: 469c078b8ada3bc00da386bd2eaa2dc3410e3323
Author: Sam James  gentoo  org>
AuthorDate: Wed Dec 28 19:33:34 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Jan  1 21:16:42 2023 +
URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=469c078b

2023-01-01-hardening-fortify-assertions: add item

Bug: https://bugs.gentoo.org/876893
Bug: https://bugs.gentoo.org/876895
Signed-off-by: Sam James  gentoo.org>

 .../2023-01-01-hardening-fortify-assertions.en.txt | 57 ++
 1 file changed, 57 insertions(+)

diff --git 
a/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
new file mode 100644
index 000..dfe9127
--- /dev/null
+++ 
b/2023-01-01-hardening-fortify-assertions/2023-01-01-hardening-fortify-assertions.en.txt
@@ -0,0 +1,57 @@
+Title: Hardened profiles improvements
+Author: Sam James 
+Posted: 2023-01-01
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: features/hardened
+Display-If-Profile: default/linux/ppc64le/17.0/musl/hardened
+Display-If-Profile: default/linux/ppc/17.0/musl/hardened
+Display-If-Profile: default/linux/amd64/17.0/no-multilib/hardened
+Display-If-Profile: default/linux/amd64/17.0/hardened
+Display-If-Profile: default/linux/amd64/17.0/musl/hardened
+Display-If-Profile: default/linux/amd64/17.1/hardened
+Display-If-Profile: default/linux/amd64/17.1/no-multilib/hardened
+Display-If-Profile: default/linux/x86/17.0/hardened
+Display-If-Profile: default/linux/arm/17.0/musl/armv7a/hardened
+Display-If-Profile: default/linux/arm/17.0/musl/armv6j/hardened
+Display-If-Profile: default/linux/arm/17.0/armv7a/hardened
+Display-If-Profile: default/linux/arm/17.0/armv6j/hardened
+Display-If-Profile: default/linux/ppc64/17.0/musl/hardened
+Display-If-Profile: default/linux/arm64/17.0/hardened
+Display-If-Profile: default/linux/arm64/17.0/musl/hardened
+
+Gentoo's hardened profiles are adopting two new modern toolchain hardening
+techniques:
+1. Level 3 fortification (-D_FORTIFY_SOURCE=3) [0]
+2. libstdc++ assertions (-D_GLIBCXX_ASSERTIONS) [1]
+
+These will both be enabled by default with USE=hardened on sys-devel/gcc
+for >=sys-devel/gcc-12.2.1_p20221224-r1.
+
+To view the existing list of hardening changes applied by the profiles,
+see the wiki [2].
+
+Stable users may wish to add sys-devel/gcc-12.2.1_p20221224-r1 into
+/etc/portage/package.accept_keywords if they wish to take advantage
+of these improvements early, before GCC 12 is marked stable.
+
+## Migration
+
+To fully take advantage of these new settings, GCC must first
+be upgraded, and then all packages must be re-emerged:
+1. emerge --sync
+2. emerge --verbose --oneshot ">=sys-devel/gcc-12.2.1_p20221224-r1"
+3. emerge --verbose --emptytree @world
+
+## Troubleshooting
+
+In the event that some packages fail at runtime, please file a bug
+with the full details. To temporarily workaround the problem,
+it should be possible to recompile broken packages with the
+following *FLAGS:
+CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
+CXXFLAGS="${CXXFLAGS} -D_FORTIFY_SOURCE=2 -U_GLIBCXX_ASSERTIONS"
+
+[0] https://bugs.gentoo.org/876893
+[1] https://bugs.gentoo.org/876895
+[2] https://wiki.gentoo.org/wiki/Hardened/Toolchain#Changes
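Review bot: the Troubleshooting section gives the fallback `CFLAGS`/`CXXFLAGS` lines without saying where to set them, and a reader who puts them in make.conf lowers fortification for every package instead of only the broken one. Say explicitly that they belong in a per-package environment (a file under /etc/portage/env referenced from /etc/portage/package.env) and should be removed once the bug is fixed. Minor: "To temporarily workaround" should read "work around", and the Migration steps do not select the newly installed compiler before the `@world` rebuild.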