Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#64270 - [gcc] missing spec string for additional compile time stack protector disable

Attached to Project: Arch Linux
Opened by Matt Weber (matthewlweber) - Saturday, 26 October 2019, 08:25 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Thursday, 07 May 2020, 17:48 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Bartłomiej Piotrowski (Barthalion)
Architecture x86_64
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


The compiler on Arch Linux always builds with -fstack-protector, even when -ffreestanding is passed.  However, when -fnostdlib is passed at link time (which is normally the case when building with -ffreestanding), it is not linked with the stack-protector library.  This leads to a link time error:
/usr/bin/ld: x86/realmode.o: in function `print_serial_u32':
.../x86/realmode.c:104: undefined reference to `__stack_chk_fail'

What was observed in a working build on Ubuntu was that there were the same link time (link_ssp) SSP conditions in the spec.  However for compiler spec options, the following additional item was present. 
%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}} %{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wform
at} %{!Wno-format-security:-Wformat-security}}}}

We believe that a GCC build when "--enable-default-ssp" adds the "ssp_default" to the spec. Does Arch use that option or a custom patch to set the stack protector flags?

Additional info:
* package version(s)
gcc 9.2.0

Steps to reproduce:
1) git clone
2) cd kvm-unit-tests ; make

That example compiles an application with the -ffreestanding compile flag and links it with -nostdlib set.  This should normally bypass the stack protector default (RHEL / Ubuntu / Debian)
This task depends upon

Closed by  Bartłomiej Piotrowski (Barthalion)
Thursday, 07 May 2020, 17:48 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in 9.3.0.
Comment by Dave Reisner (falconindy) - Saturday, 26 October 2019, 08:36 GMT Comment by Matt Weber (matthewlweber) - Saturday, 26 October 2019, 09:24 GMT
Dug a little more and it looks like most distros are carrying a patch to add either ssp_default or equivalent. Here for an example in Gentoo, search for ssp-fix to find the right gcc fixup (

Similar example from Debian is still carrying gcc-default-ssp.diff:
Comment by Michel Koss (MichelKoss1) - Saturday, 26 October 2019, 13:58 GMT
Here's direct link to gentoo gcc 9.2.0 patch which is most relevant: