diff options
author | Frédéric Bérat <fberat@redhat.com> | 2023-03-17 10:14:50 +0100 |
---|---|---|
committer | Frédéric Bérat <fberat@redhat.com> | 2023-07-05 16:59:34 +0200 |
commit | 64d9580cdf7e417170abbef0327e04b29712e949 (patch) | |
tree | 05b117ca603d615df45b6b006a98c8fe5242599b /INSTALL | |
parent | e18c293af0ece38921ad71fbd76ff8049c3b2d67 (diff) | |
download | glibc-64d9580cdf7e417170abbef0327e04b29712e949.zip glibc-64d9580cdf7e417170abbef0327e04b29712e949.tar.gz glibc-64d9580cdf7e417170abbef0327e04b29712e949.tar.bz2 |
Allow glibc to be built with _FORTIFY_SOURCE
Add --enable-fortify-source option.
It is now possible to enable fortification through a configure option.
The level may be given as parameter, if none is provided, the configure
script will determine what is the highest level possible that can be set
considering GCC built-ins availability and set it.
If level is explicitly set to 3, configure checks if the compiler
supports the built-in function necessary for it or raise an error if it
isn't.
If the configure option isn't explicitly enabled, it _FORTIFY_SOURCE is
forcibly undefined (and therefore disabled).
The result of the configure checks are new variables, ${fortify_source}
and ${no_fortify_source} that can be used to appropriately populate
CFLAGS.
A dedicated patch will follow to make use of this variable in Makefiles
when necessary.
Updated NEWS and INSTALL.
Adding dedicated x86_64 variant that enables the configuration.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'INSTALL')
-rw-r--r-- | INSTALL | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -276,6 +276,14 @@ if ‘CFLAGS’ is specified it must enable optimization. For example: the GNU C Library. The default value refers to the main bug-reporting information for the GNU C Library. +‘--enable-fortify-source’ +‘--enable-fortify-source=LEVEL’ + Use -D_FORTIFY_SOURCE=‘LEVEL’ to control hardening in the GNU C + Library. If not provided, ‘LEVEL’ defaults to highest possible + value supported by the build compiler. + + Default is to disable fortification. + To build the library and related programs, type ‘make’. This will produce a lot of output, some of which may look like errors from ‘make’ but aren’t. Look for error messages from ‘make’ containing ‘***’. |