@@ -196,13 +196,14 @@ if ‘CFLAGS’ is specified it must enable optimization. For example:
‘--enable-stack-protector’
‘--enable-stack-protector=strong’
‘--enable-stack-protector=all’
+‘--enable-stack-protector=no’
Compile the C library and all other parts of the glibc package
(including the threading and math libraries, NSS modules, and
transliteration modules) using the GCC ‘-fstack-protector’,
‘-fstack-protector-strong’ or ‘-fstack-protector-all’ options to
detect stack overruns. Only the dynamic linker and a small number
of routines called directly from assembler are excluded from this
- protection.
+ protection. This option is enabled by default and set to ‘strong’.
‘--enable-bind-now’
Disable lazy binding for installed shared objects and programs.
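Review bot: The paragraph under the option list still only describes what the enabling values do, so the newly listed ‘--enable-stack-protector=no’ is never explained. A reader has to infer that it turns the protection off. Suggest closing the paragraph with something like "The default is ‘strong’; use ‘--enable-stack-protector=no’ to build without stack protection." in place of "This option is enabled by default and set to ‘strong’." The same wording should then go into the manual/install.texi hunk so the two texts stay identical.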
@@ -48,6 +48,10 @@ Major new features:
* The strlcpy and strlcat functions have been added. They are derived
from OpenBSD, and are expected to be added to a future POSIX version.
+* The GNU C Library is now built with -fstack-protector-strong by
+ default. This may be overridden by using the --enable-stack-protector
+ configure option.
+
Deprecated and removed features, and other changes affecting compatibility:
* In the Linux kernel for the hppa/parisc architecture some of the
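Review bot: The NEWS entry says the default "may be overridden" but does not name the value that restores the previous behaviour. Since the configure hunks show the old default was no, it would help builders to spell it out, for example "Use --enable-stack-protector=no to build without it." A reader of NEWS should not need to open INSTALL to find the opt-out.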
@@ -4462,7 +4462,7 @@ if test ${enable_stack_protector+y}
then :
enableval=$enable_stack_protector; enable_stack_protector=$enableval
else $as_nop
- enable_stack_protector=no
+ enable_stack_protector=strong
fi
case "$enable_stack_protector" in
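Review bot: With the else branch now assigning strong when the option is not given, every default build reaches the case statement below with strong, where before only builders who opted in did. The hunk does not show the body of that case, so please confirm that a compiler without -fstack-protector-strong support produces a clear configure-time error rather than a failure later in the build. This file should also be the regenerated output of the configure.ac change, not a hand edit.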
@@ -228,7 +228,7 @@ AC_ARG_ENABLE([stack-protector],
AS_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
[Use -fstack-protector[-all|-strong] to detect glibc buffer overflows]),
[enable_stack_protector=$enableval],
- [enable_stack_protector=no])
+ [enable_stack_protector=strong])
case "$enable_stack_protector" in
all|yes|no|strong) ;;
*) AC_MSG_ERROR([Not a valid argument for --enable-stack-protector: "$enable_stack_protector"]);;
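Review bot: The AS_HELP_STRING text above the changed line still reads "Use -fstack-protector[-all|-strong] to detect glibc buffer overflows" and gives no hint of the default, so the configure help output will not reflect this change. Suggest appending "(default: strong)" to the help text in the same commit. The accepted values in the case pattern (all|yes|no|strong) already cover the new default, so no change is needed there.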
@@ -222,13 +222,14 @@ time. Consult the @file{timezone} subdirectory for more details.
@item --enable-stack-protector
@itemx --enable-stack-protector=strong
@itemx --enable-stack-protector=all
+@itemx --enable-stack-protector=no
Compile the C library and all other parts of the glibc package
(including the threading and math libraries, NSS modules, and
transliteration modules) using the GCC @option{-fstack-protector},
@option{-fstack-protector-strong} or @option{-fstack-protector-all}
options to detect stack overruns. Only the dynamic linker and a small
number of routines called directly from assembler are excluded from this
-protection.
+protection. This option is enabled by default and set to @option{strong}.
@item --enable-bind-now
Disable lazy binding for installed shared objects and programs. This
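Review bot: In the added sentence, @option{strong} marks up an argument value as if it were an option. @samp{strong}, or the full @option{--enable-stack-protector=strong}, would be more accurate. As in the INSTALL hunk, the new @itemx --enable-stack-protector=no line has no matching description, and "enabled by default and set to" could be shortened to "The default is".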
All major distributions use this level of stack protector, so make it the default.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
 INSTALL             | 3 ++-
 NEWS                | 4 ++++
 configure           | 2 +-
 configure.ac        | 2 +-
 manual/install.texi | 3 ++-
 5 files changed, 10 insertions(+), 4 deletions(-)