
Merge pull request #182281 from helsinki-systems/feat/glibc-sec

glibc: improve configure options

authored by

Jörg Thalheim and committed by
GitHub
5de6b3ec cfca7fe8

+4 -1
+4 -1
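--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -157,7 +157,7 @@
 [ "-C"
 "--enable-add-ons"
 "--sysconfdir=/etc"
-"--enable-stackguard-randomization"
+"--enable-stack-protector=strong"
 "--enable-bind-now"
 (lib.withFeatureAs withLinuxHeaders "headers" "${linuxHeaders}/include")
 (lib.enableFeature profilingLibraries "profile")
@@ -167,6 +167,9 @@
 # and on aarch64 with binutils 2.30 or later.
 # https://sourceware.org/glibc/wiki/PortStatus
 "--enable-static-pie"
+] ++ lib.optionals stdenv.hostPlatform.isx86 [
+# Enable Intel Control-flow Enforcement Technology (CET) support
+"--enable-cet"
 ] ++ lib.optionals withLinuxHeaders [
 "--enable-kernel=3.2.0" # can't get below with glibc >= 2.26
 ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [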
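Review bot: In the first hunk `"--enable-stack-protector=strong"` replaces `"--enable-stackguard-randomization"` in place with no comment, although the two options are not equivalents: the new one builds glibc's own code with stack-protector instrumentation, while the removed one concerns how the canary value is seeded at program start. If dropping it is intentional (on Linux the canary is, as far as I know, seeded from the kernel-supplied AT_RANDOM bytes regardless), a comment above the new flag such as `# canary seed comes from AT_RANDOM, so --enable-stackguard-randomization is not needed` would record that; otherwise keep both flags. In the second hunk, `stdenv.hostPlatform.isx86` also matches 32-bit x86, so it is worth confirming that `--enable-cet` configures cleanly there with the toolchain in use. The comment on `"--enable-cet"` could also say that the flag only marks glibc as CET-compatible, and that enforcement presumably still depends on kernel and CPU support. The flag list starts and continues outside both hunks.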