File signal-webrtc-disable-compiler-configs.patch of Package nodejs-signal-ringrtc
SUSE: Disable the following:
* Optimizer flags. Anything other than straight -O2 isn't well tested (either more or less optimization)
* -flto still needs to be handled by gn as it needs to be disabled for some targets,
and global CFLAGS go at the end of the commandline
* Submodel options (-march and friends). Upstream notoriously forces SSE3 despite the code not requiring it.
* note that cpu options for ARM are currently left in, as they do not seem to do harm and V8 needs to know the exact target anyway
* libstdc++ assertions. Enabling them or not should in general be the distro's decision. Electron does not run untrusted code (unlike browsers) and as such does not really benefit from security paranoia.
* Debuginfo format. Upstream seems to force something that is not recognized by rpmbuild.
* per-target debuginfo level is left in as it is still useful (-g2 everywhere does not work)
* Emitting code for the PIC model. It is needed in case of shared libraries, but results in a larger executable (and Electron is already enormous)
It should be enabled individually on code that gets into separate libraries (and we know when to do it — otherwise we're getting linker error)
* -rdynamic. The rationale given is bogus (the allocator gets exported regardless). The main executable needs to be linked with -rdynamic anyway, but eg. chrome_crashpad_handler doesn't.
From 307a0f63dd9b118f4b8470ed3d7567e81fdb7a6d Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Fri, 22 Apr 2022 09:05:24 +0000
Subject: [PATCH] Disable various compiler configs
---
build/config/compiler/BUILD.gn | 114 +++++----------------------------
1 file changed, 17 insertions(+), 97 deletions(-)
--- src/build/config/compiler/BUILD.gn.orig 2025-04-21 18:29:05.106306929 +0200
+++ src/build/config/compiler/BUILD.gn 2025-04-22 20:59:45.689108303 +0200
@@ -308,9 +308,7 @@ config("compiler") {
configs += [
# See the definitions below.
- ":clang_revision",
":rustc_revision",
- ":compiler_cpu_abi",
":compiler_codegen",
":compiler_deterministic",
]
@@ -325,7 +323,6 @@ config("compiler") {
# See: https://gcc.gnu.org/PR97913
# TODO(mpdenton): remove is_clang once GCC bug is fixed.
if ((!is_nacl || is_nacl_saigo) && !is_ubsan && is_clang) {
- cflags += [ "-fno-delete-null-pointer-checks" ]
}
# Make signed overflow and pointer overflowdefined to wrap.
@@ -335,7 +332,6 @@ config("compiler") {
if (is_win) {
cflags += [ "/clang:-fwrapv" ]
} else {
- cflags += [ "-fwrapv" ]
}
}
@@ -351,7 +347,12 @@ config("compiler") {
if (!is_win) {
# Common POSIX compiler flags setup.
# --------------------------------
- cflags += [ "-fno-strict-aliasing" ] # See http://crbug.com/32204
+ # To future SUSE maintainers: Do not re-enable this, you will save yourself hours of debugging!
+ # This is an optimizer flag, not a C dialect flag to make GCC behave like clang.
+ # Despite what the -Wlto-type-mismatch warning text tells you, enabling this will NOT fix miscompiles,
+ # and seems to cause other problems in GCC12. See https://bugs.chromium.org/p/chromium/issues/detail?id=1373615#c6
+ # ANY BUGS DUE TO ALIASING SHOULD BE FIXED IN CODE, AND THE PATCHES SENT UPSTREAM!
+ # cflags += [ "-fno-strict-aliasing" ] # See http://crbug.com/32204
# Stack protection. ShadowCallStack and Stack protector address the same
# problems. Therefore, we only enable one or the other. Clang advertises SCS as
@@ -498,10 +499,6 @@ config("compiler") {
# Linux/Android/Fuchsia common flags setup.
# ---------------------------------
if (is_linux || is_chromeos || is_android || is_fuchsia) {
- asmflags += [ "-fPIC" ]
- cflags += [ "-fPIC" ]
- ldflags += [ "-fPIC" ]
- rustflags += [ "-Crelocation-model=pic" ]
if (!is_clang) {
# Use pipes for communicating between sub-processes. Faster.
@@ -1124,11 +1121,6 @@ config("libcxx_hardening") {
defines = [ "_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_NONE" ]
}
- # Enable libstdc++ hardening lightweight assertions. Those have a low
- # performance penalty but are considered a bare minimum for security.
- if (use_safe_libstdcxx) {
- defines += [ "_GLIBCXX_ASSERTIONS=1" ]
- }
}
# The BUILDCONFIG file sets this config on targets by default, which means when
@@ -1194,7 +1186,8 @@ config("thinlto_optimize_max") {
# without using everything that "compiler" brings in. Options that
# tweak code generation for a particular CPU do not belong here!
# See "compiler_codegen", below.
-config("compiler_cpu_abi") {
+config("compiler_cpu_abi") { }
+config("xcompiler_cpu_abi") {
cflags = []
ldflags = []
defines = []
@@ -1824,7 +1817,8 @@ config("treat_warnings_as_errors") {
# Collects all warning flags that are used by default. This is used as a
# subconfig of both chromium_code and no_chromium_code. This way these
# flags are guaranteed to appear on the compile command line after -Wall.
-config("default_warnings") {
+config("default_warnings") { }
+config("xdefault_warnings") {
cflags = []
cflags_c = []
cflags_cc = []
@@ -2071,11 +2065,7 @@ config("chromium_code") {
defines = [ "_HAS_NODISCARD" ]
}
} else {
- cflags = [ "-Wall" ]
- if (is_clang) {
- # Enable extra warnings for chromium_code when we control the compiler.
- cflags += [ "-Wextra" ]
- }
+ cflags = []
# In Chromium code, we define __STDC_foo_MACROS in order to get the
# C99 macros on Mac and Linux.
@@ -2084,24 +2074,6 @@ config("chromium_code") {
"__STDC_FORMAT_MACROS",
]
- if (!is_debug && !using_sanitizer && current_cpu != "s390x" &&
- current_cpu != "s390" && current_cpu != "ppc64" &&
- current_cpu != "mips" && current_cpu != "mips64" &&
- current_cpu != "riscv64" && current_cpu != "loong64") {
- # Non-chromium code is not guaranteed to compile cleanly with
- # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are
- # disabled, so only do that for Release build.
- fortify_level = "2"
-
- # ChromeOS's toolchain supports a high-quality _FORTIFY_SOURCE=3
- # implementation with a few custom glibc patches. Use that if it's
- # available.
- if (is_chromeos_device && !lacros_use_chromium_toolchain) {
- fortify_level = "3"
- }
- defines += [ "_FORTIFY_SOURCE=" + fortify_level ]
- }
-
if (is_apple) {
cflags_objc = [ "-Wimplicit-retain-self" ]
cflags_objcc = [ "-Wimplicit-retain-self" ]
@@ -2268,7 +2240,6 @@ config("no_rtti") {
config("export_dynamic") {
# TODO(crbug.com/40118868): Revisit after target_os flip is completed.
if (is_linux || is_chromeos_lacros || export_libcxxabi_from_executables) {
- ldflags = [ "-rdynamic" ]
}
}
@@ -2366,7 +2337,8 @@ config("wexit_time_destructors") {
# gcc 4.9 and earlier had no way of suppressing this warning without
# suppressing the rest of them. Here we centralize the identification of
# the gcc 4.9 toolchains.
-config("no_incompatible_pointer_warnings") {
+config("no_incompatible_pointer_warnings") { }
+config("xno_incompatible_pointer_warnings") {
cflags = []
if (is_clang) {
cflags += [ "-Wno-incompatible-pointer-types" ]
@@ -2483,7 +2455,8 @@ if (is_win) {
common_optimize_on_cflags += [ "-fno-math-errno" ]
}
-config("default_stack_frames") {
+config("default_stack_frames") { }
+config("xdefault_stack_frames") {
if (!is_win) {
if (enable_frame_pointers) {
cflags = [ "-fno-omit-frame-pointer" ]
@@ -2524,7 +2497,8 @@ config("default_stack_frames") {
# [0]: https://pinpoint-dot-chromeperf.appspot.com/job/147634a8be0000
# [1]: https://pinpoint-dot-chromeperf.appspot.com/job/132bc772be0000
# [2]: https://crrev.com/c/5447532
-config("optimize") {
+config("optimize") { }
+config("xoptimize") {
if (is_win) {
# clang-cl's /O2 corresponds to clang's -O3, and really want -O2 for
# consistency with the other platforms.
@@ -2573,7 +2547,8 @@ config("optimize") {
}
# Turn off optimizations.
-config("no_optimize") {
+config("no_optimize") { }
+config("xno_optimize") {
if (is_win) {
cflags = [
"/Od", # Disable optimization.
@@ -2613,7 +2588,8 @@ config("no_optimize") {
# Turns up the optimization level. Used to explicitly enable -O2 instead of
# -Os for select targets on platforms that use optimize_for_size. No-op
# elsewhere.
-config("optimize_max") {
+config("optimize_max") { }
+config("xoptimize_max") {
if (is_nacl && is_nacl_irt) {
# The NaCl IRT is a special case and always wants its own config.
# Various components do:
@@ -2646,7 +2622,8 @@ config("optimize_max") {
#
# TODO(crbug.com/41259697) - rework how all of these configs are related
# so that we don't need this disclaimer.
-config("optimize_speed") {
+config("optimize_speed") { }
+config("xoptimize_speed") {
if (is_nacl && is_nacl_irt) {
# The NaCl IRT is a special case and always wants its own config.
# Various components do:
@@ -2675,7 +2652,8 @@ config("optimize_speed") {
}
}
-config("optimize_fuzzing") {
+config("optimize_fuzzing") { }
+config("xoptimize_fuzzing") {
cflags = [ "-O1" ] + common_optimize_on_cflags
rustflags = [ "-Copt-level=1" ]
ldflags = common_optimize_on_ldflags
@@ -2806,7 +2784,8 @@ config("win_pdbaltpath") {
}
# Full symbols.
-config("symbols") {
+config("symbols") { cflags = ["-g2"] }
+config("xsymbols") {
rustflags = []
configs = []
if (is_win) {
@@ -2968,7 +2947,8 @@ config("symbols") {
# Minimal symbols.
# This config guarantees to hold symbol for stack trace which are shown to user
# when crash happens in unittests running on buildbot.
-config("minimal_symbols") {
+config("minimal_symbols") { cflags = ["-g1"] }
+config("xminimal_symbols") {
rustflags = []
if (is_win) {
# Functions, files, and line tables only.
@@ -3053,7 +3033,8 @@ config("minimal_symbols") {
# This configuration contains function names only. That is, the compiler is
# told to not generate debug information and the linker then just puts function
# names in the final debug information.
-config("no_symbols") {
+config("no_symbols") { cflags = ["-g0"]}
+config("xno_symbols") {
if (is_win) {
ldflags = [ "/DEBUG" ]
