|
|
00db10 |
Comprehensive stack protector support was added to upstream glibc with
|
|
|
00db10 |
this commit:
|
|
|
00db10 |
|
|
|
00db10 |
commit cecbc7967f0bcac718b6f8f8942b58403c0e917c
|
|
|
00db10 |
Author: Nick Alcock <nick.alcock@oracle.com>
|
|
|
00db10 |
Date: Mon Dec 26 10:09:10 2016 +0100
|
|
|
00db10 |
|
|
|
00db10 |
Enable -fstack-protector=* when requested by configure [BZ #7065]
|
|
|
00db10 |
|
|
|
00db10 |
It is a superset of the functionality in this patch.
|
|
|
00db10 |
|
|
|
00db10 |
diff -urN glibc-2.17-c758a686/config.make.in glibc-2.17-c758a686/config.make.in
|
|
|
00db10 |
--- glibc-2.17-c758a686/config.make.in 2014-02-27 10:33:11.466763885 -0500
|
|
|
00db10 |
+++ glibc-2.17-c758a686/config.make.in 2014-02-27 10:36:44.481320149 -0500
|
|
|
00db10 |
@@ -62,6 +62,7 @@
|
|
|
00db10 |
have-as-vis3 = @libc_cv_sparc_as_vis3@
|
|
|
00db10 |
gnu89-inline-CFLAGS = @gnu89_inline@
|
|
|
00db10 |
have-ssp = @libc_cv_ssp@
|
|
|
00db10 |
+have-ssp-strong = @libc_cv_ssp_strong@
|
|
|
00db10 |
have-selinux = @have_selinux@
|
|
|
00db10 |
have-libaudit = @have_libaudit@
|
|
|
00db10 |
have-libcap = @have_libcap@
|
|
|
00db10 |
diff -urN glibc-2.17-c758a686/configure glibc-2.17-c758a686/configure
|
|
|
00db10 |
--- glibc-2.17-c758a686/configure 2014-02-27 10:33:11.561763687 -0500
|
|
|
00db10 |
+++ glibc-2.17-c758a686/configure 2014-02-27 10:32:28.885852593 -0500
|
|
|
00db10 |
@@ -610,6 +610,7 @@
|
|
|
00db10 |
libc_cv_cc_submachine
|
|
|
00db10 |
exceptions
|
|
|
00db10 |
gnu89_inline
|
|
|
00db10 |
+libc_cv_ssp_strong
|
|
|
00db10 |
libc_cv_ssp
|
|
|
00db10 |
fno_unit_at_a_time
|
|
|
00db10 |
libc_cv_output_format
|
|
|
00db10 |
@@ -6758,6 +6759,27 @@
|
|
|
00db10 |
$as_echo "$libc_cv_ssp" >&6; }
|
|
|
00db10 |
|
|
|
00db10 |
|
|
|
00db10 |
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector-strong" >&5
|
|
|
00db10 |
+$as_echo_n "checking for -fstack-protector-strong... " >&6; }
|
|
|
00db10 |
+if ${libc_cv_ssp_strong+:} false; then :
|
|
|
00db10 |
+ $as_echo_n "(cached) " >&6
|
|
|
00db10 |
+else
|
|
|
00db10 |
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector-strong -xc /dev/null -S -o /dev/null'
|
|
|
00db10 |
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
|
|
|
00db10 |
+ (eval $ac_try) 2>&5
|
|
|
00db10 |
+ ac_status=$?
|
|
|
00db10 |
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
|
|
00db10 |
+ test $ac_status = 0; }; }; then :
|
|
|
00db10 |
+ libc_cv_ssp_strong=yes
|
|
|
00db10 |
+else
|
|
|
00db10 |
+ libc_cv_ssp_strong=no
|
|
|
00db10 |
+fi
|
|
|
00db10 |
+
|
|
|
00db10 |
+fi
|
|
|
00db10 |
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp_strong" >&5
|
|
|
00db10 |
+$as_echo "$libc_cv_ssp_strong" >&6; }
|
|
|
00db10 |
+
|
|
|
00db10 |
+
|
|
|
00db10 |
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fgnu89-inline" >&5
|
|
|
00db10 |
$as_echo_n "checking for -fgnu89-inline... " >&6; }
|
|
|
00db10 |
if ${libc_cv_gnu89_inline+:} false; then :
|
|
|
00db10 |
diff -urN glibc-2.17-c758a686/configure.in glibc-2.17-c758a686/configure.in
|
|
|
00db10 |
--- glibc-2.17-c758a686/configure.in 2014-02-27 10:33:11.469763878 -0500
|
|
|
00db10 |
+++ glibc-2.17-c758a686/configure.in 2014-02-27 10:32:09.171893663 -0500
|
|
|
00db10 |
@@ -1682,6 +1682,13 @@
|
|
|
00db10 |
])
|
|
|
00db10 |
AC_SUBST(libc_cv_ssp)
|
|
|
00db10 |
|
|
|
00db10 |
+AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
|
|
|
00db10 |
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
|
|
|
00db10 |
+ [libc_cv_ssp_strong=yes],
|
|
|
00db10 |
+ [libc_cv_ssp_strong=no])
|
|
|
00db10 |
+])
|
|
|
00db10 |
+AC_SUBST(libc_cv_ssp_strong)
|
|
|
00db10 |
+
|
|
|
00db10 |
AC_CACHE_CHECK(for -fgnu89-inline, libc_cv_gnu89_inline, [dnl
|
|
|
00db10 |
cat > conftest.c <
|
|
|
00db10 |
int foo;
|
|
|
00db10 |
diff -urN glibc-2.17-c758a686/login/Makefile glibc-2.17-c758a686/login/Makefile
|
|
|
00db10 |
--- glibc-2.17-c758a686/login/Makefile 2014-02-27 10:33:11.325764178 -0500
|
|
|
00db10 |
+++ glibc-2.17-c758a686/login/Makefile 2014-02-27 10:35:30.785473661 -0500
|
|
|
00db10 |
@@ -60,6 +60,9 @@
|
|
|
00db10 |
ifeq (yes,$(have-ssp))
|
|
|
00db10 |
pt_chown-cflags += -fstack-protector
|
|
|
00db10 |
endif
|
|
|
00db10 |
+ifeq (yes,$(have-ssp-strong))
|
|
|
00db10 |
+pt_chown-cflags += -fstack-protector-strong
|
|
|
00db10 |
+endif
|
|
|
00db10 |
ifeq (yes,$(have-libcap))
|
|
|
00db10 |
libcap = -lcap
|
|
|
00db10 |
endif
|
|
|
00db10 |
diff -urN glibc-2.17-c758a686/nscd/Makefile glibc-2.17-c758a686/nscd/Makefile
|
|
|
00db10 |
--- glibc-2.17-c758a686/nscd/Makefile 2012-12-24 22:02:13.000000000 -0500
|
|
|
00db10 |
+++ glibc-2.17-c758a686/nscd/Makefile 2014-02-27 10:36:00.017412769 -0500
|
|
|
00db10 |
@@ -87,6 +87,9 @@
|
|
|
00db10 |
ifeq (yes,$(have-ssp))
|
|
|
00db10 |
CFLAGS-nonlib += -fstack-protector
|
|
|
00db10 |
endif
|
|
|
00db10 |
+ifeq (yes,$(have-ssp-strong))
|
|
|
00db10 |
+CFLAGS-nonlib += -fstack-protector-strong
|
|
|
00db10 |
+endif
|
|
|
00db10 |
|
|
|
00db10 |
ifeq (yesyes,$(have-fpie)$(build-shared))
|
|
|
00db10 |
LDFLAGS-nscd = -Wl,-z,now
|
|
|
00db10 |
diff -urN glibc-2.17-c758a686/resolv/Makefile glibc-2.17-c758a686/resolv/Makefile
|
|
|
00db10 |
--- glibc-2.17-c758a686/resolv/Makefile 2012-12-24 22:02:13.000000000 -0500
|
|
|
00db10 |
+++ glibc-2.17-c758a686/resolv/Makefile 2014-02-27 10:36:29.449351461 -0500
|
|
|
00db10 |
@@ -79,6 +79,10 @@
|
|
|
00db10 |
ifeq (yes,$(have-ssp))
|
|
|
00db10 |
CFLAGS-libresolv += -fstack-protector
|
|
|
00db10 |
endif
|
|
|
00db10 |
+ifeq (yes,$(have-ssp-strong))
|
|
|
00db10 |
+CFLAGS-libresolv += -fstack-protector-strong
|
|
|
00db10 |
+endif
|
|
|
00db10 |
+
|
|
|
00db10 |
CFLAGS-res_hconf.c = -fexceptions
|
|
|
00db10 |
|
|
|
00db10 |
# The BIND code elicits some harmless warnings.
|