- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
Also:
Switch FreeBSD to use libgcc_s.so.1.
Use dl_iterate_phdr to locate shared objects' exception frame
info instead of depending on older register_frame_info machinery.
This allows us to avoid depending on libgcc_s.so.1 in binaries
that do not use exception handling directly. As an additional
benefit it breaks circular libc <=> libgcc_s.so.1 dependency too.
Build newly added libgomp.so.1 library, the runtime support
bits for OpenMP.
Build LGPLed libssp library. Our libc provides our own
BSD-licensed SSP callbacks implementation, so this library
is only built to benefit applications that have hadcoded
knowledge of libssp.so and libssp_nonshared.a. When linked
in from command line, these libraries override libc
implementation.
idea after all.
Fix cross-builds and ia64 builds. gnu/lib/csu/Makefile is modified to
pre-include osreldate.h and gnu/usr.bin/cc/cc_tools/auto-host.h
will avoid including sys/param.h if __FreeBSD_version is already defined.
again. Try and deal with platforms that provide their own crtbegin/end asm
files (ia64 for example). crtstuff.c does not actually work on ia64 since
libgcc.a doesn't have a few key support functions when built on ia64 so it
is compulsory to use crtbegin.asm and crtend.asm.
Reviewed by: obrien
Get rid of the INTERNALSTATICLIB knob and just use plain INTERNALLIB.
INTERNALLIB now means to build static library only and don't install
anything. Added a NOINSTALLLIB knob for libpam/modules. To not
build any library at all, just do not set LIB.