summaryrefslogtreecommitdiff
path: root/sys-devel/gcc
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2023-01-23 12:55:08 +0000
committerV3n3RiX <venerix@koprulu.sector>2023-01-23 12:55:08 +0000
commit47bb4031ea0e98a9423d423f2181c0e3d06f256b (patch)
tree6a54fb70ac916b8ae725d002ac4a71386c8b6e2f /sys-devel/gcc
parent9a1d1c6b10a4640cea10e7040ed173cf593f4cab (diff)
gentoo auto-resync : 23:01:2023 - 12:55:07
Diffstat (limited to 'sys-devel/gcc')
-rw-r--r--sys-devel/gcc/Manifest2
-rw-r--r--sys-devel/gcc/metadata.xml84
2 files changed, 77 insertions, 9 deletions
diff --git a/sys-devel/gcc/Manifest b/sys-devel/gcc/Manifest
index 130e29a76ce3..1659daeacee3 100644
--- a/sys-devel/gcc/Manifest
+++ b/sys-devel/gcc/Manifest
@@ -42,4 +42,4 @@ EBUILD gcc-13.0.1.9999.ebuild 1252 BLAKE2B e8feaecedb676e0ddce69ec0e7fc5e944d8df
EBUILD gcc-13.0.1_pre20230122.ebuild 1286 BLAKE2B 613958f9d883c696a477fe6d25782dfc6ae9c37af2169c370912eed43e7f21fd33ac2b5640b5cac0cf5ec964efca42ef3d0d1d36c3a372296f45e88c79a51bf5 SHA512 c7e0a73749cc56c95d60d8ed9326cb48d968e1ecb0905b3af6c0024d75e0ee8cbefc5c5ab2fbae6aac32348c51d41cfcaf470180b05243e3a55dd0c46f58f0ab
EBUILD gcc-8.5.0-r1.ebuild 473 BLAKE2B 40d3b651d0aed62ceb1df973f1f7e2b6ce419df22da63e49d335fcd0bf7b349d1e7be40dc16e80fe143222d48ac6139d35bf47558d83c30aab4b25dba6fcf6cb SHA512 b88761a3495a1eab0de5321c9230c77cd621ae545d3be49a13273cfcd8e94cc21dbb062bfdebb64dc5bfe1ddd600ee8fb60df6fd7709a7be90915b7e99a8db29
EBUILD gcc-9.5.0.ebuild 844 BLAKE2B 7bee440ddb624d5489ebaa9be899c530bdf7d9563453a9abf45e60d1f3ed66a78535cb9227e66e93524071fbca447786e2133ea316b5b2b55366e2599c587be6 SHA512 4b578a481eb06ff5b445bbd81cf18d4d63ec2d65230e33f95377f270b391bde02c2083a1b46b43838bd115be7d75c3957258f72fb5e7d89ba79185d08195b9ec
-MISC metadata.xml 2675 BLAKE2B 71118d3d0fa3110e555c735d0e98a7790fd70b47fce637ef5e550b7e2e9eff24b008f758dcd2af5503113a44639461ad33ac7004b64fdb30d2ba1014a031d586 SHA512 0e5724c9e90e53859992ab17f4fa202d027f620015c15c1560fb2069d6c75b1ee9405358308e6df0aa5f0da21aded5fb74e79ba18ed803a39fbb3922f6664505
+MISC metadata.xml 4885 BLAKE2B 2029ff68e73fa6d97abb5d03df8efbfd03b2145ad6ced9ca7a048d48d16e5f50e12448b9d0343f8d22262dccdf4c7c4fb2554b1894a13eddc502924f9ad70220 SHA512 9c22fba4bcdb7ac3f1e8a6a36903e940f9b53c284b446e240cf3bf51590efe8af0b9219688693dad233bf8593dd306b85af9c18fb9ef253a8e3413e3b926fd9e
diff --git a/sys-devel/gcc/metadata.xml b/sys-devel/gcc/metadata.xml
index 4d9f63a02b27..d1c5c038131d 100644
--- a/sys-devel/gcc/metadata.xml
+++ b/sys-devel/gcc/metadata.xml
@@ -7,29 +7,97 @@
</maintainer>
<use>
<flag name="ada">Build the ADA language (GNAT) frontend</flag>
- <flag name="cet" restrict="&gt;=sys-devel/gcc-10">Enable support for Intel Control Flow Enforcement Technology (CET)</flag>
+ <flag name="cet" restrict="&gt;=sys-devel/gcc-10">
+ Enable support for Intel Control Flow Enforcement Technology (CET).
+
+ Only effective on amd64/x86.
+
+ Only provides benefits on newer CPUs. For Intel, the CPU
+ must be at least as new as Tiger Lake. For AMD, it must be
+ at least as new as Zen 3. This is harmless on older CPUs,
+ but provides no benefit either.
+
+ When combined with USE=hardened, GCC will set -fcf-protection
+ by default when building software. The effect is minimal
+ on systems which do not support it, other than a possible
+ small increase in codesize for the NOPs. The generated
+ code is therefore compatible with i686 at the earliest.
+ </flag>
<flag name="d">Enable support for the D programming language</flag>
- <flag name="default-stack-clash-protection">Build packages with stack clash protection on by default</flag>
- <flag name="default-znow">Request full relocation on start from ld.so by default</flag>
+ <flag name="default-stack-clash-protection">
+ Build packages with stack clash protection on by default as
+ a hardening measure.
+
+ This enables -fstack-clash-protection by default which protects against
+ large memory allocations allowing stack smashing.
+
+ May cause slightly increased codesize, but modern compilers
+ have been adapted to optimize well for this case, as
+ this mitigation is now quite common.
+
+ See https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
+ and https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt.
+ </flag>
+ <flag name="default-znow">
+ Request full relocation on start from ld.so by default.
+
+ This sets the -z,now (BIND_NOW) flag by default on all linker invocations. By
+ resolving all dynamic symbols at application startup, parts of the program
+ can be made read-only as a hardening measure.
+
+ This is closely related to RELRO which is also separately
+ enabled by default.
+
+ In some applications with many unresolved symbols (heavily plugin based,
+ for example), startup time may be impacted.
+ </flag>
<flag name="fixed-point">Enable fixed-point arithmetic support for MIPS targets in gcc (Warning: significantly increases compile time!)</flag>
<flag name="go">Build the GCC Go language frontend.</flag>
<flag name="graphite">Add support for the framework for loop optimizations based on a polyhedral intermediate representation</flag>
<flag name="ieee-long-double">Use accelerated 128-bit IEEE long double ABI (ppc64le only)</flag>
<flag name="jit">Enable libgccjit so other applications can embed gcc for Just-In-Time compilation.</flag>
<flag name="libssp">Build SSP support into a dedicated library rather than use the code in the C library (DO NOT ENABLE THIS IF YOU DON'T KNOW WHAT IT DOES)</flag>
- <flag name="lto">Build using Link Time Optimizations (LTO)</flag>
+ <flag name="lto">
+ Build using Link Time Optimizations (LTO).
+
+ Note that GCC is always built with support for building
+ other programs with LTO. This USE flag is for whether
+ GCC itself is built and optimized with LTO.
+ </flag>
<flag name="mpx">Enable support for Intel Memory Protection Extensions (MPX)</flag>
<flag name="nptl">Enable support for Native POSIX Threads Library, the new threading module (requires linux-2.6 or better usually)</flag>
<flag name="objc">Build support for the Objective C code language</flag>
<flag name="objc++">Build support for the Objective C++ language</flag>
<flag name="objc-gc">Build support for the Objective C code language Garbage Collector</flag>
- <flag name="pgo">Build GCC using Profile Guided Optimization (PGO)</flag>
+ <flag name="pgo">
+ Build GCC using Profile Guided Optimization (PGO).
+
+ GCC will build itself and then analyze the just-built
+ binary and then rebuild itself using the data obtained
+ from analysis of codepaths taken.
+
+ It does not affect whether GCC itself supports PGO
+ when building other software.
+
+ This substantially increases the build time needed for
+ building GCC itself.
+ </flag>
<flag name="rust">Build support for the Rust language, installs gccrs.</flag>
- <flag name="sanitize">Build support for various sanitizer functions (ASAN/TSAN/etc...)</flag>
- <flag name="ssp">Build packages with stack smashing protector on by default</flag>
+ <flag name="sanitize">
+ Build support for various sanitizer functions (ASAN/TSAN/etc...)
+ to find runtime problems in applications.
+ </flag>
+ <flag name="ssp">Build packages with stack smashing protection on by default</flag>
<flag name="systemtap">enable systemtap static probe points</flag>
<flag name="valgrind">Enable valgrind annotations for gcc internals (useful for gcc debugging).</flag>
- <flag name="vtv">Build support for virtual table verification (a C++ hardening feature)</flag>
+ <flag name="vtv">
+ Build support for virtual table verification (a C++ hardening feature).
+
+ This does not control whether GCC defaults to using VTV>
+
+ Note that actually using VTV breaks ABI and hence the whole
+ system must be built with -fvtable-verify.
+ </flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:gnu:gcc</remote-id>