Merge #18522: glibc: enable stackprotection hardening

Vladimír Čunát 2016-09-12 21:03:54 +02:00
commit f071028911
2 changed files with 4 additions and 1 deletions


@ -82,7 +82,7 @@ stdenv.mkDerivation ({
"--enable-add-ons" "--enable-add-ons"
"--enable-obsolete-rpc" "--enable-obsolete-rpc"
"--sysconfdir=/etc" "--sysconfdir=/etc"
"libc_cv_ssp=no" "--enable-stackguard-randomization"
(if linuxHeaders != null (if linuxHeaders != null
then "--with-headers=${linuxHeaders}/include" then "--with-headers=${linuxHeaders}/include"
else "--without-headers") else "--without-headers")
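Review bot: The line carrying `"--enable-stackguard-randomization"` has no comment saying that stack-protector support is now left to glibc's own configure detection, so a toolchain where that detection fails would produce an unprotected libc without any visible signal. This reads the right-hand column as the new side, which matches the diffstat of one deletion, so the forced `libc_cv_ssp=no` is the line that went away. I would add a comment above the flag, for example `# libc_cv_ssp is no longer forced to "no": configure detects stack-protector support itself; this flag randomizes the canary at program start`. It would also help to record in the pull request how the result was confirmed on a bootstrap build, since the other file in this commit keeps `hardeningDisable` for the same two flags. The configure flag list starts and ends outside this hunk.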


@ -33,6 +33,9 @@ in
makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin") makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin")
''; '';
# The stackprotector and fortify hardening flags are autodetected by glibc
# and enabled by default if supported. Setting it for every gcc invocation
# does not work.
hardeningDisable = [ "stackprotector" "fortify" ]; hardeningDisable = [ "stackprotector" "fortify" ];
# When building glibc from bootstrap-tools, we need libgcc_s at RPATH for # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for