From a58ec829e4a0e4a39e843b0b35f28d657a91d1c1 Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Thu, 20 Oct 2016 16:37:50 -0500 Subject: [PATCH] openblas: disable some hardening flags --- .../libraries/science/math/openblas/default.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkgs/development/libraries/science/math/openblas/default.nix b/pkgs/development/libraries/science/math/openblas/default.nix index 368cb6d60aa..0cc79f6b44b 100644 --- a/pkgs/development/libraries/science/math/openblas/default.nix +++ b/pkgs/development/libraries/science/math/openblas/default.nix @@ -34,6 +34,21 @@ stdenv.mkDerivation { inherit blas64; + # Some hardening features are disabled due to sporadic failures in + # OpenBLAS-based programs. The problem may not be with OpenBLAS itself, but + # with how these flags interact with hardening measures used downstream. + # In either case, OpenBLAS must only be used by trusted code--it is + # inherently unsuitable for security-conscious applications--so there should + # be no objection to disabling these hardening measures. + hardeningDisable = [ + # don't modify or move the stack + "stackprotector" "pic" + # don't alter index arithmetic + "strictoverflow" + # don't interfere with dynamic target detection. + "relro" "bindnow" + ]; + nativeBuildInputs = optionals stdenv.isDarwin [coreutils] ++ [gfortran perl which]; makeFlags =