Explorar o código

Only enable -fstack-protector if compiler supports it

Bryan Drewery %!s(int64=12) %!d(string=hai) anos
pai
achega
6c5d9eab9f
Modificáronse 5 ficheiros con 63 adicións e 7 borrados
  1. 1 1
      Makefile.in
  2. 2 0
      build/autotools/configure.ac
  3. 0 3
      build/autotools/includes/depend.m4
  4. 59 3
      configure
  5. 1 0
      doc/UPDATES

+ 1 - 1
Makefile.in

@@ -42,7 +42,7 @@ DIFF = @DIFF@
 LIBS = @LIBS@
 INCLUDES = @TCL_INCLUDES@
 
-DEBCXXFLAGS = -DDEBUG -fno-inline -g3 -ggdb3 -O0 -Wshadow -Wpointer-arith -Wcast-align @GCC3DEB@ @GCC4DEB@
+DEBCXXFLAGS = -DDEBUG -fno-inline -g3 -ggdb3 -O0 -Wshadow -Wpointer-arith -Wcast-align @GCC3DEB@ @GCC4DEB@ @DEBCXXFLAGS@
 CFLGS = @GCC3@ -fno-rtti @SSL_INCLUDES@
 _CFLGS = -fno-strict-aliasing -W -Wformat \
 #-Wshadow -Wnested-externs -Wno-format-y2k \

+ 2 - 0
build/autotools/configure.ac

@@ -31,6 +31,7 @@ AC_CACHE_SAVE
 EGG_CHECK_CCWALL
 EGG_CHECK_CCPIPE
 CHECK_CC_COLOR_DIAGNOSTICS
+CXX_FLAG_CHECK([DEBCXXFLAGS], [-fstack-protector-all], [stackprotector])
 
 EGG_CHECK_DEPMODE
 
@@ -64,6 +65,7 @@ EGG_CHECK_RANDOM_MAX
 # Create static binaries
 EGG_CHECK_CCSTATIC
 AC_SUBST(CCDEBUG)dnl
+AC_SUBST(DEBCXXFLAGS)
 
 #checkpoint
 AC_CACHE_SAVE 

+ 0 - 3
build/autotools/includes/depend.m4

@@ -14,9 +14,6 @@ if test $num -ge "3"; then
   GCC3="-W -Wno-unused-parameter -Wdisabled-optimization -Wno-write-strings -Wno-format-security -fno-strict-aliasing -Woverloaded-virtual -Wno-format-y2k"
   GCC3DEB="-Wno-disabled-optimization -Wmissing-format-attribute"
 fi
-if test $num -ge "4"; then
-  GCC4DEB="-fstack-protector-all"
-fi
 AC_SUBST(CCDEPMODE)dnl
 AC_SUBST(GCC3)dnl
 AC_SUBST(GCC3DEB)dnl

+ 59 - 3
configure

@@ -639,6 +639,7 @@ TCLLIBFN
 TCLLIB
 SSL_LIBS
 SSL_INCLUDES
+DEBCXXFLAGS
 CCDEBUG
 STATIC
 BUILDARCH
@@ -3719,6 +3720,63 @@ $as_echo "$egg_cv_var_cc_color_diagnostics" >&6; }
   fi
 
 
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler understands -fstack-protector-all" >&5
+$as_echo_n "checking whether the compiler understands -fstack-protector-all... " >&6; }
+if ${egg_cv_prog_cc_stackprotector+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+    ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+    ac_saved_flags="$CXXFLAGS"
+    CXXFLAGS="-Werror -fstack-protector-all"
+    cat build/confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end build/confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  egg_cv_prog_cc_stackprotector="yes"
+else
+  egg_cv_prog_cc_stackprotector="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    CXXFLAGS="$ac_saved_flags"
+    ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $egg_cv_prog_cc_stackprotector" >&5
+$as_echo "$egg_cv_prog_cc_stackprotector" >&6; }
+
+  if [ "$egg_cv_prog_cc_stackprotector" = "yes" ]; then
+    DEBCXXFLAGS="$DEBCXXFLAGS -fstack-protector-all"
+  elif [ -n "" ]; then
+      cat << 'EOF' >&2
+configure: error:
+
+  Your OS or C++ compiler does not support -fstack-protector-all.
+  This compile flag is required.
+
+EOF
+    exit 1
+  fi
+
+
 
 CCDEPMODE=gcc
 num=`$CXX -dumpversion | sed "s/^\\\(.\\\).*/\\\1/"`
@@ -3728,9 +3786,6 @@ if test $num -ge "3"; then
   GCC3="-W -Wno-unused-parameter -Wdisabled-optimization -Wno-write-strings -Wno-format-security -fno-strict-aliasing -Woverloaded-virtual -Wno-format-y2k"
   GCC3DEB="-Wno-disabled-optimization -Wmissing-format-attribute"
 fi
-if test $num -ge "4"; then
-  GCC4DEB="-fstack-protector-all"
-fi
 
 
 #checkpoint
@@ -4589,6 +4644,7 @@ else
 fi
 
 
+
 #checkpoint
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure

+ 1 - 0
doc/UPDATES

@@ -6,6 +6,7 @@ maint
   * Fix cmd_hublevel not properly requiring a hublevel argument
   * Fix build with clang (FreeBSD 10)
   * Fix startup crash when some shared library symbols were missing
+  * Fix build on systems without working libssp
 
 1.4.3
   * Default 'set promisc' to ignore since it's usually a false positive