-rw-r--r--ChangeLog7
-rw-r--r--Makeconfig8
-rw-r--r--NEWS4
3 files changed, 18 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index edf85237ac..f090910793 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,13 @@
 2016-12-26  Nick Alcock  <nick.alcock@oracle.com>
 
 	[BZ #7065]
+	Enable stack protectore if requested by ./configure.
+	* Makeconfig (+stack-protector): New variable.
+	(+cflags): Use it.
+
+2016-12-26  Nick Alcock  <nick.alcock@oracle.com>
+
+	[BZ #7065]
 	* signal/Makefile (CFLAGS-sigreturn.c): Use $(no-stack-protector).
 	* sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c:
 	(__rt_sigreturn_stub): Use inhibit_stack_protector.
diff --git a/Makeconfig b/Makeconfig
index 2d316accf3..0158eaa76e 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -807,6 +807,11 @@ endif
 # disable any optimization that assume default rounding mode.
 +math-flags = -frounding-math
 
+# We might want to compile with some stack-protection flag.
+ifneq ($(stack-protector),)
++stack-protector=$(stack-protector)
+endif
+
 # This is the program that generates makefile dependencies from C source files.
 # The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy
 # targets for headers so that removed headers don't break the build.
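Review bot: The comment added above `ifneq ($(stack-protector),)` does not say where `stack-protector` comes from or how a file opts out, which is what someone auditing hardening coverage needs to know. Going by the ChangeLog entries on this page, the value is requested through ./configure and `$(no-stack-protector)` is the per-file opt-out, so I would word it as `# Stack-protector flag chosen by ./configure (empty when disabled); files that must not be instrumented opt out with $(no-stack-protector).` Because `ifneq` is evaluated when the makefile is parsed, the block also relies on `stack-protector` being defined earlier in Makeconfig, which is not visible in this hunk and should be confirmed.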
@@ -866,7 +871,8 @@ ifeq	"$(strip $(+cflags))" ""
 +cflags	:= $(default_cflags)
 endif	# $(+cflags) == ""
 
-+cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags)
++cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \
+	   $(+stack-protector)
 +gcc-nowarn := -w
 
 # Don't duplicate options if we inherited variables from the parent.
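Review bot: Appending `$(+stack-protector)` to `+cflags` makes the flag global, so the per-file opt-out presumably only takes effect if the per-file CFLAGS come after `$(+cflags)` on the compiler command line. That ordering is defined outside this hunk and is worth confirming. A short comment above the assignment would record the dependency, for example `# $(+stack-protector) is global; per-file $(no-stack-protector) must appear later on the command line to override it.` Any flags the builder supplied through `default_cflags` come before the appended value, so a builder-supplied `-fno-stack-protector` would likely be overridden when configure enabled protection; if that precedence is intended it should be stated here.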
diff --git a/NEWS b/NEWS
index 79cd2883f2..77b1a0cf3f 100644
--- a/NEWS
+++ b/NEWS
@@ -89,6 +89,10 @@ Version 2.25
 * The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
   are added to libc.  They convert a floating-point number into string.
 
+* Most of glibc can now be built with the stack smashing protector enabled.
+  It is recommended to build glibc with --enable-stack-protector=strong.
+  Implemented by Nick Alcock (Oracle).
+
 * The function explicit_bzero, from OpenBSD, has been added to libc.  It is
   intended to be used instead of memset() to erase sensitive data after use;
   the compiler will not optimize out calls to explicit_bzero even if they