51f0aa
Comprehensive stack protector support was added to upstream glibc with
51f0aa
this commit:
51f0aa
51f0aa
commit cecbc7967f0bcac718b6f8f8942b58403c0e917c
51f0aa
Author: Nick Alcock <nick.alcock@oracle.com>
51f0aa
Date:   Mon Dec 26 10:09:10 2016 +0100
51f0aa
51f0aa
    Enable -fstack-protector=* when requested by configure [BZ #7065]
51f0aa
51f0aa
It is a superset of the functionality in this patch.
51f0aa
ce426f
diff -urN glibc-2.17-c758a686/config.make.in glibc-2.17-c758a686/config.make.in
ce426f
--- glibc-2.17-c758a686/config.make.in	2014-02-27 10:33:11.466763885 -0500
ce426f
+++ glibc-2.17-c758a686/config.make.in	2014-02-27 10:36:44.481320149 -0500
ce426f
@@ -62,6 +62,7 @@
ce426f
 have-as-vis3 = @libc_cv_sparc_as_vis3@
ce426f
 gnu89-inline-CFLAGS = @gnu89_inline@
ce426f
 have-ssp = @libc_cv_ssp@
ce426f
+have-ssp-strong = @libc_cv_ssp_strong@
ce426f
 have-selinux = @have_selinux@
ce426f
 have-libaudit = @have_libaudit@
ce426f
 have-libcap = @have_libcap@
ce426f
diff -urN glibc-2.17-c758a686/configure glibc-2.17-c758a686/configure
ce426f
--- glibc-2.17-c758a686/configure	2014-02-27 10:33:11.561763687 -0500
ce426f
+++ glibc-2.17-c758a686/configure	2014-02-27 10:32:28.885852593 -0500
ce426f
@@ -610,6 +610,7 @@
ce426f
 libc_cv_cc_submachine
ce426f
 exceptions
ce426f
 gnu89_inline
ce426f
+libc_cv_ssp_strong
ce426f
 libc_cv_ssp
ce426f
 fno_unit_at_a_time
ce426f
 libc_cv_output_format
ce426f
@@ -6758,6 +6759,27 @@
ce426f
 $as_echo "$libc_cv_ssp" >&6; }
ce426f
 
ce426f
 
ce426f
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fstack-protector-strong" >&5
ce426f
+$as_echo_n "checking for -fstack-protector-strong... " >&6; }
ce426f
+if ${libc_cv_ssp_strong+:} false; then :
ce426f
+  $as_echo_n "(cached) " >&6
ce426f
+else
ce426f
+  if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -Werror -fstack-protector-strong -xc /dev/null -S -o /dev/null'
ce426f
+  { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
ce426f
+  (eval $ac_try) 2>&5
ce426f
+  ac_status=$?
ce426f
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
ce426f
+  test $ac_status = 0; }; }; then :
ce426f
+  libc_cv_ssp_strong=yes
ce426f
+else
ce426f
+  libc_cv_ssp_strong=no
ce426f
+fi
ce426f
+
ce426f
+fi
ce426f
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ssp_strong" >&5
ce426f
+$as_echo "$libc_cv_ssp_strong" >&6; }
ce426f
+
ce426f
+
ce426f
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fgnu89-inline" >&5
ce426f
 $as_echo_n "checking for -fgnu89-inline... " >&6; }
ce426f
 if ${libc_cv_gnu89_inline+:} false; then :
ce426f
diff -urN glibc-2.17-c758a686/configure.in glibc-2.17-c758a686/configure.in
ce426f
--- glibc-2.17-c758a686/configure.in	2014-02-27 10:33:11.469763878 -0500
ce426f
+++ glibc-2.17-c758a686/configure.in	2014-02-27 10:32:09.171893663 -0500
ce426f
@@ -1682,6 +1682,13 @@
ce426f
 ])
ce426f
 AC_SUBST(libc_cv_ssp)
ce426f
 
ce426f
+AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
ce426f
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
ce426f
+		   [libc_cv_ssp_strong=yes],
ce426f
+		   [libc_cv_ssp_strong=no])
ce426f
+])
ce426f
+AC_SUBST(libc_cv_ssp_strong)
ce426f
+
ce426f
 AC_CACHE_CHECK(for -fgnu89-inline, libc_cv_gnu89_inline, [dnl
ce426f
 cat > conftest.c <
ce426f
 int foo;
ce426f
diff -urN glibc-2.17-c758a686/login/Makefile glibc-2.17-c758a686/login/Makefile
ce426f
--- glibc-2.17-c758a686/login/Makefile	2014-02-27 10:33:11.325764178 -0500
ce426f
+++ glibc-2.17-c758a686/login/Makefile	2014-02-27 10:35:30.785473661 -0500
ce426f
@@ -60,6 +60,9 @@
ce426f
 ifeq (yes,$(have-ssp))
ce426f
 pt_chown-cflags += -fstack-protector
ce426f
 endif
ce426f
+ifeq (yes,$(have-ssp-strong))
ce426f
+pt_chown-cflags += -fstack-protector-strong
ce426f
+endif
ce426f
 ifeq (yes,$(have-libcap))
ce426f
 libcap = -lcap
ce426f
 endif
ce426f
diff -urN glibc-2.17-c758a686/nscd/Makefile glibc-2.17-c758a686/nscd/Makefile
ce426f
--- glibc-2.17-c758a686/nscd/Makefile	2012-12-24 22:02:13.000000000 -0500
ce426f
+++ glibc-2.17-c758a686/nscd/Makefile	2014-02-27 10:36:00.017412769 -0500
ce426f
@@ -87,6 +87,9 @@
ce426f
 ifeq (yes,$(have-ssp))
ce426f
 CFLAGS-nonlib += -fstack-protector
ce426f
 endif
ce426f
+ifeq (yes,$(have-ssp-strong))
ce426f
+CFLAGS-nonlib += -fstack-protector-strong
ce426f
+endif
ce426f
 
ce426f
 ifeq (yesyes,$(have-fpie)$(build-shared))
ce426f
 LDFLAGS-nscd = -Wl,-z,now
ce426f
diff -urN glibc-2.17-c758a686/resolv/Makefile glibc-2.17-c758a686/resolv/Makefile
ce426f
--- glibc-2.17-c758a686/resolv/Makefile	2012-12-24 22:02:13.000000000 -0500
ce426f
+++ glibc-2.17-c758a686/resolv/Makefile	2014-02-27 10:36:29.449351461 -0500
ce426f
@@ -79,6 +79,10 @@
ce426f
 ifeq (yes,$(have-ssp))
ce426f
 CFLAGS-libresolv += -fstack-protector
ce426f
 endif
ce426f
+ifeq (yes,$(have-ssp-strong))
ce426f
+CFLAGS-libresolv += -fstack-protector-strong
ce426f
+endif
ce426f
+
ce426f
 CFLAGS-res_hconf.c = -fexceptions
ce426f
 
ce426f
 # The BIND code elicits some harmless warnings.