mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-24 22:10:13 +00:00
Enable -fstack-protector=* when requested by configure [BZ #7065]
This commit is contained in:
parent
2e6c45c59b
commit
cecbc7967f
@ -1,3 +1,10 @@
|
||||
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
|
||||
|
||||
[BZ #7065]
|
||||
Enable stack protectore if requested by ./configure.
|
||||
* Makeconfig (+stack-protector): New variable.
|
||||
(+cflags): Use it.
|
||||
|
||||
2016-12-26 Nick Alcock <nick.alcock@oracle.com>
|
||||
|
||||
[BZ #7065]
|
||||
|
@ -807,6 +807,11 @@ endif
|
||||
# disable any optimization that assume default rounding mode.
|
||||
+math-flags = -frounding-math
|
||||
|
||||
# We might want to compile with some stack-protection flag.
|
||||
ifneq ($(stack-protector),)
|
||||
+stack-protector=$(stack-protector)
|
||||
endif
|
||||
|
||||
# This is the program that generates makefile dependencies from C source files.
|
||||
# The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy
|
||||
# targets for headers so that removed headers don't break the build.
|
||||
@ -866,7 +871,8 @@ ifeq "$(strip $(+cflags))" ""
|
||||
+cflags := $(default_cflags)
|
||||
endif # $(+cflags) == ""
|
||||
|
||||
+cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags)
|
||||
+cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \
|
||||
$(+stack-protector)
|
||||
+gcc-nowarn := -w
|
||||
|
||||
# Don't duplicate options if we inherited variables from the parent.
|
||||
|
4
NEWS
4
NEWS
@ -89,6 +89,10 @@ Version 2.25
|
||||
* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
|
||||
are added to libc. They convert a floating-point number into string.
|
||||
|
||||
* Most of glibc can now be built with the stack smashing protector enabled.
|
||||
It is recommended to build glibc with --enable-stack-protector=strong.
|
||||
Implemented by Nick Alcock (Oracle).
|
||||
|
||||
* The function explicit_bzero, from OpenBSD, has been added to libc. It is
|
||||
intended to be used instead of memset() to erase sensitive data after use;
|
||||
the compiler will not optimize out calls to explicit_bzero even if they
|
||||
|
Loading…
Reference in New Issue
Block a user