aboutsummaryrefslogtreecommitdiff
path: root/manual
diff options
context:
space:
mode:
authorFrédéric Bérat <fberat@redhat.com>2023-03-17 10:14:50 +0100
committerFrédéric Bérat <fberat@redhat.com>2023-07-05 16:59:34 +0200
commit64d9580cdf7e417170abbef0327e04b29712e949 (patch)
tree05b117ca603d615df45b6b006a98c8fe5242599b /manual
parente18c293af0ece38921ad71fbd76ff8049c3b2d67 (diff)
downloadglibc-64d9580cdf7e417170abbef0327e04b29712e949.zip
glibc-64d9580cdf7e417170abbef0327e04b29712e949.tar.gz
glibc-64d9580cdf7e417170abbef0327e04b29712e949.tar.bz2
Allow glibc to be built with _FORTIFY_SOURCE
Add --enable-fortify-source option. It is now possible to enable fortification through a configure option. The level may be given as parameter, if none is provided, the configure script will determine what is the highest level possible that can be set considering GCC built-ins availability and set it. If level is explicitly set to 3, configure checks if the compiler supports the built-in function necessary for it or raise an error if it isn't. If the configure option isn't explicitly enabled, it _FORTIFY_SOURCE is forcibly undefined (and therefore disabled). The result of the configure checks are new variables, ${fortify_source} and ${no_fortify_source} that can be used to appropriately populate CFLAGS. A dedicated patch will follow to make use of this variable in Makefiles when necessary. Updated NEWS and INSTALL. Adding dedicated x86_64 variant that enables the configuration. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'manual')
-rw-r--r--manual/install.texi8
1 files changed, 8 insertions, 0 deletions
diff --git a/manual/install.texi b/manual/install.texi
index a44a552..e9c66ba 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -303,6 +303,14 @@ Specify the URL that users should visit if they wish to report a bug,
to be included in @option{--help} output from programs installed with
@theglibc{}. The default value refers to the main bug-reporting
information for @theglibc{}.
+
+@item --enable-fortify-source
+@itemx --enable-fortify-source=@var{LEVEL}
+Use -D_FORTIFY_SOURCE=@option{LEVEL} to control hardening in the GNU C Library.
+If not provided, @option{LEVEL} defaults to highest possible value supported by
+the build compiler.
+
+Default is to disable fortification.
@end table
To build the library and related programs, type @code{make}. This will