Enable -D_FORTIFY_SOURCE=2 for nonshared code
This commit is contained in:
Florian Weimer
parent
2074a352da
commit
a50cd9a587
139
glibc-with-nonshared-cflags.patch
Normal file
139
glibc-with-nonshared-cflags.patch
Normal file
@ -0,0 +1,139 @@
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed Jul 4 11:34:36 2018 +0200
|
||||
|
||||
Add --with-nonshared-cflags option to configure
|
||||
|
||||
Submitted upstream:
|
||||
|
||||
https://sourceware.org/ml/libc-alpha/2018-07/msg00071.html
|
||||
|
||||
diff --git a/INSTALL b/INSTALL
|
||||
index 0a22aa7d01e6e87b..0f80d9d615db6d42 100644
|
||||
--- a/INSTALL
|
||||
+++ b/INSTALL
|
||||
@@ -90,6 +90,15 @@ if 'CFLAGS' is specified it must enable optimization. For example:
|
||||
library will still be usable, but functionality may be lost--for
|
||||
example, you can't build a shared libc with old binutils.
|
||||
|
||||
+'--with-nonshared-cflags=CFLAGS'
|
||||
+ Use additional compiler flags CFLAGS to build the parts of the
|
||||
+ library which are always statically linked into applications and
|
||||
+ libraries even with shared linking (that is, the object files
|
||||
+ contained in 'lib*_nonshared.a' libraries). The build process will
|
||||
+ automatically use the appropriate flags, but this option can be
|
||||
+ used to set additional flags required for building applications and
|
||||
+ libraries, to match local policy.
|
||||
+
|
||||
'--disable-shared'
|
||||
Don't build shared libraries even if it is possible. Not all
|
||||
systems support shared libraries; you need ELF support and
|
||||
diff --git a/Makeconfig b/Makeconfig
|
||||
index 608ffe648c80c724..b0b27f0113ac18b8 100644
|
||||
--- a/Makeconfig
|
||||
+++ b/Makeconfig
|
||||
@@ -1038,7 +1038,7 @@ object-suffixes-for-libc += .oS
|
||||
# Must build the routines as PIC, though, because they can end up in (users')
|
||||
# shared objects. We don't want to use CFLAGS-os because users may, for
|
||||
# example, make that processor-specific.
|
||||
-CFLAGS-.oS = $(CFLAGS-.o) $(PIC-ccflag)
|
||||
+CFLAGS-.oS = $(CFLAGS-.o) $(PIC-ccflag) $(extra-nonshared-cflags)
|
||||
CPPFLAGS-.oS = $(CPPFLAGS-.o) -DPIC -DLIBC_NONSHARED=1
|
||||
libtype.oS = lib%_nonshared.a
|
||||
endif
|
||||
diff --git a/config.make.in b/config.make.in
|
||||
index d9891b2cd8ec3fbf..a6fe48d31f4d2725 100644
|
||||
--- a/config.make.in
|
||||
+++ b/config.make.in
|
||||
@@ -110,6 +110,7 @@ BUILD_CC = @BUILD_CC@
|
||||
CFLAGS = @CFLAGS@
|
||||
CPPFLAGS-config = @CPPFLAGS@
|
||||
CPPUNDEFS = @CPPUNDEFS@
|
||||
+extra-nonshared-cflags = @extra_nonshared_cflags@
|
||||
ASFLAGS-config = @ASFLAGS_config@
|
||||
AR = @AR@
|
||||
NM = @NM@
|
||||
diff --git a/configure b/configure
|
||||
index ef1830221522b7a5..fec0efff8216addd 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -684,6 +684,7 @@ force_install
|
||||
bindnow
|
||||
hardcoded_path_in_tests
|
||||
enable_timezone_tools
|
||||
+extra_nonshared_cflags
|
||||
use_default_link
|
||||
sysheaders
|
||||
ac_ct_CXX
|
||||
@@ -762,6 +763,7 @@ with_binutils
|
||||
with_selinux
|
||||
with_headers
|
||||
with_default_link
|
||||
+with_nonshared_cflags
|
||||
enable_sanity_checks
|
||||
enable_shared
|
||||
enable_profile
|
||||
@@ -1479,6 +1481,8 @@ Optional Packages:
|
||||
--with-headers=PATH location of system headers to use (for example
|
||||
/usr/src/linux/include) [default=compiler default]
|
||||
--with-default-link do not use explicit linker scripts
|
||||
+ --with-nonshared-cflags=FLAGS
|
||||
+ build nonshared libraries with additional FLAGS
|
||||
--with-cpu=CPU select code for CPU variant
|
||||
|
||||
Some influential environment variables:
|
||||
@@ -3336,6 +3340,16 @@ else
|
||||
fi
|
||||
|
||||
|
||||
+
|
||||
+# Check whether --with-nonshared-cflags was given.
|
||||
+if test "${with_nonshared_cflags+set}" = set; then :
|
||||
+ withval=$with_nonshared_cflags; extra_nonshared_cflags=$withval
|
||||
+else
|
||||
+ extra_nonshared_cflags=
|
||||
+fi
|
||||
+
|
||||
+
|
||||
+
|
||||
# Check whether --enable-sanity-checks was given.
|
||||
if test "${enable_sanity_checks+set}" = set; then :
|
||||
enableval=$enable_sanity_checks; enable_sanity=$enableval
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index dc517017f588626a..154185d70de38928 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -154,6 +154,14 @@ AC_ARG_WITH([default-link],
|
||||
[use_default_link=$withval],
|
||||
[use_default_link=default])
|
||||
|
||||
+dnl Additional build flags injection.
|
||||
+AC_ARG_WITH([nonshared-cflags],
|
||||
+ AC_HELP_STRING([--with-nonshared-cflags=FLAGS],
|
||||
+ [build nonshared libraries with additional FLAGS]),
|
||||
+ [extra_nonshared_cflags=$withval],
|
||||
+ [extra_nonshared_cflags=])
|
||||
+AC_SUBST(extra_nonshared_cflags)
|
||||
+
|
||||
AC_ARG_ENABLE([sanity-checks],
|
||||
AC_HELP_STRING([--disable-sanity-checks],
|
||||
[really do not use threads (should not be used except in special situations) @<:@default=yes@:>@]),
|
||||
diff --git a/manual/install.texi b/manual/install.texi
|
||||
index 422da1447eb4dc68..eaf0cd09e7501b96 100644
|
||||
--- a/manual/install.texi
|
||||
+++ b/manual/install.texi
|
||||
@@ -117,6 +117,15 @@ problem and suppress these constructs, so that the library will still be
|
||||
usable, but functionality may be lost---for example, you can't build a
|
||||
shared libc with old binutils.
|
||||
|
||||
+@item --with-nonshared-cflags=@var{cflags}
|
||||
+Use additional compiler flags @var{cflags} to build the parts of the
|
||||
+library which are always statically linked into applications and
|
||||
+libraries even with shared linking (that is, the object files contained
|
||||
+in @file{lib*_nonshared.a} libraries). The build process will
|
||||
+automatically use the appropriate flags, but this option can be used to
|
||||
+set additional flags required for building applications and libraries,
|
||||
+to match local policy.
|
||||
+
|
||||
@c disable static doesn't work currently
|
||||
@c @item --disable-static
|
||||
@c Don't build static libraries. Static libraries aren't that useful these
|
||||
@ -1,6 +1,6 @@
|
||||
%define glibcsrcdir glibc-2.27.9000-545-gb7b88cea41
|
||||
%define glibcversion 2.27.9000
|
||||
%define glibcrelease 30%{?dist}
|
||||
%define glibcrelease 31%{?dist}
|
||||
# Pre-release tarballs are pulled in from git using a command that is
|
||||
# effectively:
|
||||
#
|
||||
@ -158,6 +158,7 @@ Patch0016: glibc-nscd-sysconfig.patch
|
||||
Patch0017: glibc-cs-path.patch
|
||||
Patch0018: glibc-c-utf8-locale.patch
|
||||
Patch23: glibc-python3.patch
|
||||
Patch24: glibc-with-nonshared-cflags.patch
|
||||
|
||||
##############################################################################
|
||||
# Continued list of core "glibc" package information:
|
||||
@ -773,6 +774,7 @@ build()
|
||||
../configure CC="$GCC" CXX="$GXX" CFLAGS="$BuildFlags $*" \
|
||||
--prefix=%{_prefix} \
|
||||
--with-headers=%{_prefix}/include $EnableKernel \
|
||||
--with-nonshared-cflags="-D_FORTIFY_SOURCE=2" \
|
||||
--enable-bind-now \
|
||||
--build=%{target} \
|
||||
--enable-stack-protector=strong \
|
||||
@ -1856,6 +1858,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jul 4 2018 Florian Weimer <fweimer@redhat.com> - 2.27.9000-31
|
||||
- Enable -D_FORTIFY_SOURCE=2 for nonshared code
|
||||
|
||||
* Mon Jul 02 2018 Florian Weimer <fweimer@redhat.com> - 2.27.9000-30
|
||||
- Auto-sync with upstream branch master,
|
||||
commit b7b88cea4151d85eafd7ababc2e4b7ae1daeedf5:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user