about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
authorH.J. Lu <hjl.tools@gmail.com>2018-07-18 09:52:40 -0700
committerH.J. Lu <hjl.tools@gmail.com>2018-07-18 09:52:53 -0700
commite6c695099b7894bce72de04009c889c8f6e674ae (patch)
tree13f0ff6ccee563fc3dba6e37581241c9cede0894 /NEWS
parente2d40a8822be27ddbd512599ea1955e52f90bf87 (diff)
downloadglibc-e6c695099b7894bce72de04009c889c8f6e674ae.tar.gz
glibc-e6c695099b7894bce72de04009c889c8f6e674ae.tar.xz
glibc-e6c695099b7894bce72de04009c889c8f6e674ae.zip
Intel CET: Document --enable-cet
	* NEWS: Mention --enable-cet.
	* manual/install.texi: Document --enable-cet.
	* INSTALL: Regenerated.
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS10
1 files changed, 10 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c2896a7d93..daef815ae7 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,16 @@ Version 2.28
 
 Major new features:
 
+* The GNU C Library can now be compiled with support for Intel CET, AKA
+  Intel Control-flow Enforcement Technology.  When the library is built
+  with --enable-cet, the resulting glibc is protected with indirect
+  branch tracking (IBT) and shadow stack (SHSTK).  CET-enabled glibc is
+  compatible with all existing executables and shared libraries.  This
+  feature is currently supported on i386, x86_64 and x32 with GCC 8 and
+  binutils 2.29 or later.  Note that CET-enabled glibc requires CPUs
+  capable of multi-byte NOPs, like x86-64 processors as well as Intel
+  Pentium Pro or newer.
+
 * The GNU C Library now has correct support for ABSOLUTE symbols
   (SHN_ABS-relative symbols).  Previously such ABSOLUTE symbols were
   relocated incorrectly or in some cases discarded.  The GNU linker can