clang was already patched to do -Wl,-z,relro by default. now it also passes
the equivalent of -Wl,-z,now.
clang's normal behavior on linux defaults to using stack smashing protection
whenever a function defines an 8 character or more local array. this is the
equivalent of passing in -fstack-protector with no additional options in gcc.
this release patches clang's default behavior to instead behave like
-fstack-protector-strong was passed in, enabling the canary in many more
conditions without the performance impact of adding it to ALL functions as is
the case with -fstack-protector-all. these conditions include:
local variable's address used as part of right hand side of assignment
local variable's address used as function argument
local variable is an array, regardless of array type or length
same as above, but local variable is a union containing an array
uses register local variables
SSP can still be disabled by passing in -fno-stack-protector.
You can still use -fstack-protector-all to add a canary to all functions.
additionally, to make it easier to take advantage of polly's functionality, it
has been statically compiled into the tools themselves rather than as a plugin
that needs to be manually loaded before use.
polly's GPGPU codegen functionality has sadly been disabled in this build.
it appears that things are supposed to work without CUDA available, but this
doesn't seem to be true.
clean up and update patchset
switch to cmake
perform a two-stage build with a minimal bootstrap compile of clang
add clang extras
update package list to split out clang documentation
enable pulling from the svn release tags
fix making use of abuild CFLAGS/CXXFLAGS during build
don't run check-llvm, as the tests fail when running under PaX
