From 2e0bf408961ec1023d3db1fc5d687c233661ac26 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Fri, 17 Mar 2023 06:26:48 +0000
Subject: gentoo auto-resync : 17:03:2023 - 06:26:48

---
 sys-libs/glibc/glibc-2.36-r7.ebuild | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'sys-libs/glibc/glibc-2.36-r7.ebuild')

diff --git a/sys-libs/glibc/glibc-2.36-r7.ebuild b/sys-libs/glibc/glibc-2.36-r7.ebuild
index 8bb3e20062b4..28002f738a95 100644
--- a/sys-libs/glibc/glibc-2.36-r7.ebuild
+++ b/sys-libs/glibc/glibc-2.36-r7.ebuild
@@ -472,7 +472,18 @@ setup_flags() {
 	filter-flags '-fsanitize=*'
 
 	# See end of bug #830454; we handle this via USE=cet
-	filter-flags '-fcf-protection='
+	filter-flags '-fcf-protection=*'
+
+	# When bootstrapping, we may have a situation where
+	# CET-enabled gcc from seed is used to build CET-disabled
+	# glibc. As such, gcc implicitly enables CET if no
+	# -fcf-protection flag is passed. For a typical package it
+	# should not be a problem, but for glibc it matters as it is
+	# dealing with CET in ld.so. So if CET is supposed to be
+	# disabled for glibc, be explicit about it.
+	if (use amd64 || use x86) && ! use cet; then
+		append-flags '-fcf-protection=none'
+	fi
 }
 
 use_multiarch() {
-- 
cgit v1.2.3