git.schokokeks.org
Repositories
Help
Report an Issue
keks-overlay.git
Code
Commits
Branches
Tags
Suche
Strukturansicht:
4b85c67
Branches
Tags
master
keks-overlay.git
sys-libs
glibc
files
2.10
glibc-2.10-hardened-ssp-compat.patch
glibc security fixes
Hanno Böck
commited
4b85c67
at 2010-10-26 21:29:15
glibc-2.10-hardened-ssp-compat.patch
Blame
History
Raw
Add backwards compat support for gcc-3.x ssp ... older ssp versions used __guard and __stack_smash_handler symbols while gcc-4.1 and newer uses __stack_chk_guard and __stack_chk_fail. --- config.h.in +++ config.h.in @@ -42,6 +42,9 @@ assembler instructions per line. Default is `;' */ #undef ASM_LINE_SEP +/* Define if we want to enable support for old ssp symbols */ +#undef ENABLE_OLD_SSP_COMPAT + /* Define if not using ELF, but `.init' and `.fini' sections are available. */ #undef HAVE_INITFINI --- configure +++ configure @@ -1378,6 +1378,9 @@ Optional Features: --enable-kernel=VERSION compile for compatibility with kernel not older than VERSION --enable-all-warnings enable all useful warnings gcc can issue + --disable-old-ssp-compat + enable support for older ssp symbols + [default=no] --enable-multi-arch enable single DSO with optimizations for multiple architectures --enable-experimental-malloc @@ -6462,6 +6465,20 @@ fi $as_echo "$libc_cv_ssp" >&6; } +# Check whether --enable-old-ssp-compat or --disable-old-ssp-compat was given. +if test "${enable_old_ssp_compat+set}" = set; then + enableval="$enable_old_ssp_compat" + enable_old_ssp_compat=$enableval +else + enable_old_ssp_compat=no +fi; +if test "x$enable_old_ssp_compat" = "xyes"; then + cat >>confdefs.h <<\_ACEOF +#define ENABLE_OLD_SSP_COMPAT 1 +_ACEOF + +fi + { $as_echo "$as_me:$LINENO: checking for -fgnu89-inline" >&5 $as_echo_n "checking for -fgnu89-inline... " >&6; } if test "${libc_cv_gnu89_inline+set}" = set; then --- configure.in +++ configure.in @@ -1641,6 +1641,15 @@ fi rm -f conftest*]) AC_SUBST(libc_cv_ssp) +AC_ARG_ENABLE([old-ssp-compat], + AC_HELP_STRING([--enable-old-ssp-compat], + [enable support for older ssp symbols @<:@default=no@:>@]), + [enable_old_ssp_compat=$enableval], + [enable_old_ssp_compat=no]) +if test "x$enable_old_ssp_compat" = "xyes"; then + AC_DEFINE(ENABLE_OLD_SSP_COMPAT) +fi + AC_CACHE_CHECK(for -fgnu89-inline, libc_cv_gnu89_inline, [dnl cat > conftest.c <<EOF int foo; --- csu/libc-start.c +++ csu/libc-start.c @@ -37,6 +37,9 @@ extern void __pthread_initialize_minimal uintptr_t __stack_chk_guard attribute_relro; # endif #endif +#ifdef ENABLE_OLD_SSP_COMPAT +uintptr_t __guard attribute_relro; +#endif #ifdef HAVE_PTR_NTHREADS /* We need atomic operations. */ @@ -141,6 +145,9 @@ LIBC_START_MAIN (int (*main) (int, char /* Set up the stack checker's canary. */ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random); +#ifdef ENABLE_OLD_SSP_COMPAT + __guard = stack_chk_guard; +#endif # ifdef THREAD_SET_STACK_GUARD THREAD_SET_STACK_GUARD (stack_chk_guard); # else --- csu/Versions +++ csu/Versions @@ -17,6 +17,12 @@ libc { # New special glibc functions. gnu_get_libc_release; gnu_get_libc_version; } + GLIBC_2.3.2 { +%ifdef ENABLE_OLD_SSP_COMPAT + # global objects and functions for the old propolice patch in gcc + __guard; +%endif + } GLIBC_PRIVATE { %if HAVE___THREAD # This version is for the TLS symbol, GLIBC_2.0 is the old object symbol. --- debug/Versions +++ debug/Versions @@ -10,6 +10,12 @@ libc { # These are to support some gcc features. __cyg_profile_func_enter; __cyg_profile_func_exit; } +%ifdef ENABLE_OLD_SSP_COMPAT + GLIBC_2.3.2 { + # backwards ssp compat support; alias to __stack_chk_fail + __stack_smash_handler; + } +%endif GLIBC_2.3.4 { __chk_fail; __memcpy_chk; __memmove_chk; __mempcpy_chk; __memset_chk; __stpcpy_chk; --- elf/rtld.c +++ elf/rtld.c @@ -89,6 +89,9 @@ INTDEF(_dl_argv) in thread local area. */ uintptr_t __stack_chk_guard attribute_relro; #endif +#ifdef ENABLE_OLD_SSP_COMPAT +uintptr_t __guard attribute_relro; +#endif /* Only exported for architectures that don't store the pointer guard value in thread local area. */ @@ -1817,6 +1821,9 @@ ERROR: ld.so: object '%s' cannot be load /* Set up the stack checker's canary. */ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random); +#ifdef ENABLE_OLD_SSP_COMPAT + __guard = stack_chk_guard; +#endif #ifdef THREAD_SET_STACK_GUARD THREAD_SET_STACK_GUARD (stack_chk_guard); #else --- elf/Versions +++ elf/Versions @@ -43,6 +43,12 @@ ld { # runtime interface to TLS __tls_get_addr; } +%ifdef ENABLE_OLD_SSP_COMPAT + GLIBC_2.3.2 { + # backwards ssp compat support + __guard; + } +%endif GLIBC_2.4 { # stack canary __stack_chk_guard; --- Versions.def +++ Versions.def @@ -109,6 +109,9 @@ ld { GLIBC_2.0 GLIBC_2.1 GLIBC_2.3 +%ifdef ENABLE_OLD_SSP_COMPAT + GLIBC_2.3.2 +%endif GLIBC_2.4 GLIBC_PRIVATE }