diff --git a/Makefile.inc1 b/Makefile.inc1 index 0f8d28e..d05b004 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -1069,7 +1069,7 @@ libraries: # # static libgcc.a prerequisite for shared libc # -_prereq_libs= gnu/lib/libgcc +_prereq_libs= gnu/lib/libssp/libssp_nonshared gnu/lib/libgcc # These dependencies are not automatically generated: # diff --git a/contrib/gcc/config/freebsd-spec.h b/contrib/gcc/config/freebsd-spec.h index a58788a..06735c8 100644 --- a/contrib/gcc/config/freebsd-spec.h +++ b/contrib/gcc/config/freebsd-spec.h @@ -168,6 +168,7 @@ is built with the --enable-threads configure-time option.} \ %{pg: %{pthread:-lpthread_p} -lc_p}} \ %{shared: \ %{pthread:-lpthread} -lc} \ + %{fstack-protector|fstack-protector-all:-lssp_nonshared} \ " #endif #endif diff --git a/gnu/lib/libgcc/Makefile b/gnu/lib/libgcc/Makefile index 49b96e6..399aff8 100644 --- a/gnu/lib/libgcc/Makefile +++ b/gnu/lib/libgcc/Makefile @@ -7,6 +7,12 @@ SHLIB_NAME= libgcc_s.so.1 SHLIBDIR?= /lib .include +# +# libgcc is linked in last and thus cannot depend on ssp symbols coming +# from earlier libraries. Disable stack protection for this library. +# +MK_SSP= no + .include "${.CURDIR}/../../usr.bin/cc/Makefile.tgt" .PATH: ${GCCDIR}/config/${GCC_CPU} ${GCCDIR}/config ${GCCDIR} diff --git a/gnu/lib/libssp/libssp_nonshared/Makefile b/gnu/lib/libssp/libssp_nonshared/Makefile index 1dcd54f..9454495 100644 --- a/gnu/lib/libssp/libssp_nonshared/Makefile +++ b/gnu/lib/libssp/libssp_nonshared/Makefile @@ -13,6 +13,6 @@ SRCS= ssp-local.c CFLAGS+= -DHAVE_CONFIG_H CFLAGS+= -I${.CURDIR}/.. -I${GCCLIB}/libssp -I${GCCLIB}/include -CFLAGS+= -fPIC -DPIC +CFLAGS+= -fPIC -DPIC -fvisibility=hidden .include diff --git a/lib/libc/Makefile b/lib/libc/Makefile index cf9ef3a..4f13f8e 100644 --- a/lib/libc/Makefile +++ b/lib/libc/Makefile @@ -26,7 +26,7 @@ PRECIOUSLIB= # DPADD+= ${LIBGCC} LDFLAGS+= -nodefaultlibs -LDADD+= -lgcc +LDADD+= -lgcc -lssp_nonshared # Define (empty) variables so that make doesn't give substitution # errors if the included makefiles don't change these: diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map index 901b261..56d8aaa 100644 --- a/lib/libc/sys/Symbol.map +++ b/lib/libc/sys/Symbol.map @@ -282,7 +282,6 @@ FBSD_1.0 { socket; socketpair; __stack_chk_fail; - __stack_chk_fail_local; __stack_chk_guard; stat; statfs; diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/sys/stack_protector.c index f753fcd..63beebc 100644 --- a/lib/libc/sys/stack_protector.c +++ b/lib/libc/sys/stack_protector.c @@ -47,7 +47,6 @@ static void __guard_setup(void) __attribute__((__constructor__, __used__)); static void __fail(const char *); void __stack_chk_fail(void); void __chk_fail(void); -void __stack_chk_fail_local(void); /*LINTED used*/ static void @@ -109,8 +108,4 @@ __chk_fail(void) __fail("buffer overflow detected; terminated"); } -void -__stack_chk_fail_local(void) -{ - __stack_chk_fail(); -} +__sym_compat(__stack_chk_fail_local, __stack_chk_fail, FBSD_1.0); diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile index 7c20398..5e9729c 100644 --- a/libexec/rtld-elf/Makefile +++ b/libexec/rtld-elf/Makefile @@ -22,7 +22,7 @@ MLINKS= rtld.1 ld-elf.so.1.1 \ CFLAGS+= -fpic -DPIC LDFLAGS+= -shared -Wl,-Bsymbolic DPADD= ${LIBC_PIC} -LDADD= -lc_pic +LDADD= -lc_pic -lssp_nonshared .if ${MACHINE_ARCH} != "ia64" .if ${MK_SYMVER} == "yes" diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk index 741c9cb..982ff50 100644 --- a/share/mk/bsd.lib.mk +++ b/share/mk/bsd.lib.mk @@ -200,11 +200,11 @@ ${SHLIB_NAME}: ${SOBJS} @ln -fs ${.TARGET} ${SHLIB_LINK} .endif .if !defined(NM) - @${CC} ${LDFLAGS} -shared -Wl,-x \ + @${CC} ${LDFLAGS} ${SSP_CFLAGS} -shared -Wl,-x \ -o ${.TARGET} -Wl,-soname,${SONAME} \ `lorder ${SOBJS} | tsort -q` ${LDADD} .else - @${CC} ${LDFLAGS} -shared -Wl,-x \ + @${CC} ${LDFLAGS} ${SSP_CFLAGS} -shared -Wl,-x \ -o ${.TARGET} -Wl,-soname,${SONAME} \ `NM='${NM}' lorder ${SOBJS} | tsort -q` ${LDADD} .endif