Glibc modfications.

Enabled stackguard randomization which is just a little security feature.
We also must disable all patched new features of gcc to compile the libs correctly.

diff --git a/lfs/glibc b/lfs/glibc
index 4367ee8a5a6afd359df449f33e0c25f56d9ac947..7b6c749064f6db06ac7e147f1799d8616ebd07c9 100644 (file)
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -183,7 +183,8 @@ ifeq "$(STAGE)" "toolchain"
                        --enable-kernel=2.6.0 \
                        --without-selinux \
                        --without-gd \
-                       --enable-bind-now
+                       --enable-bind-now \
+                       --enable-stackguard-randomization
 endif
 
 ifeq "$(STAGE)" "base"
@@ -202,7 +203,8 @@ ifeq "$(STAGE)" "base"
                        --enable-kernel=2.6.0 \
                        --without-selinux \
                        --disable-werror \
-                       --enable-bind-now
+                       --enable-bind-now \
+                       --enable-stackguard-randomization
 endif
 
        # Our GCC is already passing -fPIC, and that's all we want for the libraries.
@@ -211,6 +213,12 @@ endif
        # the libraries, not the programs:
        echo "build-programs=no" \
                >> $(DIR_SRC)/glibc-build/configparms
+ifeq "$(STAGE)" "base"
+       echo "CC = gcc -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo "CXX = g++ -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie" \
+               >> $(DIR_SRC)/glibc-build/configparms
+endif
        echo "LDFLAGS.so += -Wl,--warn-shared-textrel,--fatal-warnings" \
                >> $(DIR_SRC)/glibc-build/configparms
        cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS)