From cecbc7967f0bcac718b6f8f8942b58403c0e917c Mon Sep 17 00:00:00 2001 From: Nick Alcock Date: Mon, 26 Dec 2016 10:09:10 +0100 Subject: Enable -fstack-protector=* when requested by configure [BZ #7065] --- ChangeLog | 7 +++++++ Makeconfig | 8 +++++++- NEWS | 4 ++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index edf8523..f090910 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,13 @@ 2016-12-26 Nick Alcock [BZ #7065] + Enable stack protectore if requested by ./configure. + * Makeconfig (+stack-protector): New variable. + (+cflags): Use it. + +2016-12-26 Nick Alcock + + [BZ #7065] * signal/Makefile (CFLAGS-sigreturn.c): Use $(no-stack-protector). * sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c: (__rt_sigreturn_stub): Use inhibit_stack_protector. diff --git a/Makeconfig b/Makeconfig index 2d316ac..0158eaa 100644 --- a/Makeconfig +++ b/Makeconfig @@ -807,6 +807,11 @@ endif # disable any optimization that assume default rounding mode. +math-flags = -frounding-math +# We might want to compile with some stack-protection flag. +ifneq ($(stack-protector),) ++stack-protector=$(stack-protector) +endif + # This is the program that generates makefile dependencies from C source files. # The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy # targets for headers so that removed headers don't break the build. @@ -866,7 +871,8 @@ ifeq "$(strip $(+cflags))" "" +cflags := $(default_cflags) endif # $(+cflags) == "" -+cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) ++cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \ + $(+stack-protector) +gcc-nowarn := -w # Don't duplicate options if we inherited variables from the parent. diff --git a/NEWS b/NEWS index 79cd288..77b1a0c 100644 --- a/NEWS +++ b/NEWS 
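Review bot: The comment added above the `ifneq ($(stack-protector),)` block in Makeconfig does not say where `stack-protector` is set or what it holds, so a reader of this file cannot tell when the hardening is actually on. Going by the commit subject and the NEWS entry, the value comes from configure, so I would say that in the comment, e.g. `# $(stack-protector) is set by configure (--enable-stack-protector=...) and is empty when the protector is off.` The guard itself appears redundant: an unconditional `+stack-protector = $(stack-protector)` expands to nothing in the empty case as well, unless something elsewhere tests whether the variable is defined.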
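Review bot: Appending `$(+stack-protector)` to `+cflags` turns the protector on for every C file by default, so the files that must stay uninstrumented depend on their per-file `$(no-stack-protector)` flag (as used for `CFLAGS-sigreturn.c` in the ChangeLog context) reaching the compiler after `+cflags`. That ordering is not visible in this hunk and should be confirmed against the compile rules. A short comment at the `+cflags +=` line would record the dependency, e.g. `# Per-file CFLAGS-<file> entries using $(no-stack-protector) must come later on the command line than this.` Since NEWS says only "most of glibc" is covered, it would also help to document where the list of exempt files can be found, so that a new opt-out is reviewed rather than copied.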
@@ -89,6 +89,10 @@ Version 2.25 * The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014, are added to libc. They convert a floating-point number into string. +* Most of glibc can now be built with the stack smashing protector enabled. + It is recommended to build glibc with --enable-stack-protector=strong. + Implemented by Nick Alcock (Oracle). + * The function explicit_bzero, from OpenBSD, has been added to libc. It is intended to be used instead of memset() to erase sensitive data after use; the compiler will not optimize out calls to explicit_bzero even if they -- cgit v1.1