aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Alcock <nick.alcock@oracle.com>2016-12-26 10:09:10 +0100
committerFlorian Weimer <fweimer@redhat.com>2016-12-26 10:11:06 +0100
commitcecbc7967f0bcac718b6f8f8942b58403c0e917c (patch)
tree2196eac197244caf06b0f9e6e5f744f01a44cfdb
parent2e6c45c59bcd40f1ae8466cbd32f4d263ff45619 (diff)
downloadglibc-cecbc7967f0bcac718b6f8f8942b58403c0e917c.zip
glibc-cecbc7967f0bcac718b6f8f8942b58403c0e917c.tar.gz
glibc-cecbc7967f0bcac718b6f8f8942b58403c0e917c.tar.bz2
Enable -fstack-protector=* when requested by configure [BZ #7065]
-rw-r--r--ChangeLog7
-rw-r--r--Makeconfig8
-rw-r--r--NEWS4
3 files changed, 18 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index edf8523..f090910 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,13 @@
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
[BZ #7065]
+ Enable stack protectore if requested by ./configure.
+ * Makeconfig (+stack-protector): New variable.
+ (+cflags): Use it.
+
+2016-12-26 Nick Alcock <nick.alcock@oracle.com>
+
+ [BZ #7065]
* signal/Makefile (CFLAGS-sigreturn.c): Use $(no-stack-protector).
* sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c:
(__rt_sigreturn_stub): Use inhibit_stack_protector.
diff --git a/Makeconfig b/Makeconfig
index 2d316ac..0158eaa 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -807,6 +807,11 @@ endif
# disable any optimization that assume default rounding mode.
+math-flags = -frounding-math
+# We might want to compile with some stack-protection flag.
+ifneq ($(stack-protector),)
++stack-protector=$(stack-protector)
+endif
+
# This is the program that generates makefile dependencies from C source files.
# The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy
# targets for headers so that removed headers don't break the build.
@@ -866,7 +871,8 @@ ifeq "$(strip $(+cflags))" ""
+cflags := $(default_cflags)
endif # $(+cflags) == ""
-+cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags)
++cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \
+ $(+stack-protector)
+gcc-nowarn := -w
# Don't duplicate options if we inherited variables from the parent.
diff --git a/NEWS b/NEWS
index 79cd288..77b1a0c 100644
--- a/NEWS
+++ b/NEWS
@@ -89,6 +89,10 @@ Version 2.25
* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
are added to libc. They convert a floating-point number into string.
+* Most of glibc can now be built with the stack smashing protector enabled.
+ It is recommended to build glibc with --enable-stack-protector=strong.
+ Implemented by Nick Alcock (Oracle).
+
* The function explicit_bzero, from OpenBSD, has been added to libc. It is
intended to be used instead of memset() to erase sensitive data after use;
the compiler will not optimize out calls to explicit_bzero even if they