X-Git-Url: https://git.hcoop.net/hcoop/debian/mlton.git/blobdiff_plain/7f918cf15a5aaed7f3029096fda625562ec5b82e..a441e504e8d82c19465abd4a01e9456a34057c86:/debian/patches/stack-hardening.patch

diff --git a/debian/patches/stack-hardening.patch b/debian/patches/stack-hardening.patch
new file mode 100644
index 0000000..d0d8a71
--- /dev/null
+++ b/debian/patches/stack-hardening.patch
@@ -0,0 +1,33 @@
+--- a/bin/mlton-script
++++ b/bin/mlton-script
+@@ -87,6 +87,7 @@
+         -target-cc-opt alpha                                     \
+                 '-mieee -mbwx -mtune=ev6 -mfp-rounding-mode=d'   \
+         -target-cc-opt amd64 '-m64'                              \
++        -target-cc-opt linux '-fstack-protector-strong'          \
+         -target-cc-opt aix '-maix64'                             \
+         -target-cc-opt ia64-hpux "-mlp64"                        \
+         -target-cc-opt ia64 "-mtune=itanium2"                    \
+@@ -104,7 +105,7 @@
+                 '-mieee -mbwx -mtune=ev6 -mfp-rounding-mode=d'   \
+         -target-link-opt aix '-maix64'                           \
+         -target-link-opt ia64-hpux "-mlp64"                      \
+-        -target-link-opt linux '-Wl,-znoexecstack'               \
++        -target-link-opt linux '-Wl,-znoexecstack,-zrelro'       \
+         -target-link-opt mingw                                   \
+                 '-lws2_32 -lkernel32 -lpsapi -lnetapi32 -lwinmm' \
+         -target-link-opt mingw '-Wl,--enable-stdcall-fixup'      \
+--- a/runtime/Makefile
++++ b/runtime/Makefile
+@@ -106,6 +106,11 @@
+ DEBUGXCFLAGS := -DASSERT=1 -Wno-uninitialized -O0 -g
+ PICXCFLAGS :=
+ 
++# Use stack hardening for the C method calls on linux
++ifeq ($(TARGET_OS), linux)
++XCFLAGS += -fstack-protector-strong
++endif
++
+ # Win32&64 don't use PIC code, all other platforms do
+ ifeq ($(findstring $(TARGET_OS), mingw cygwin),)
+ PICXCFLAGS += -fPIC