소스 검색

Build with -fstack-protector or -fstack-protector-strong by default

Bryan Drewery 11 년 전
부모
커밋
e22c98fc48
3개의 변경된 파일121개의 추가작업 그리고 4개의 파일을 삭제
  1. 3 1
      build/autotools/configure.ac
  2. 117 3
      configure
  3. 1 0
      doc/UPDATES

+ 3 - 1
build/autotools/configure.ac

@@ -27,7 +27,9 @@ EGG_CHECK_CCWALL
 EGG_CHECK_CCPIPE
 CXX_FLAG_CHECK([CXXFLAGS], [-fcolor-diagnostics], [colordiagnostics])
 CXX_FLAG_CHECK([CXXFLAGS], [-Qunused-arguments], [unusedarguments])
-CXX_FLAG_CHECK([DEBCXXFLAGS], [-fstack-protector-all], [stackprotector])
+CXX_FLAG_CHECK([CXXFLAGS], [-fstack-protector], [stackprotector])
+CXX_FLAG_CHECK([CXXFLAGS], [-fstack-protector-strong], [stackprotectorstrong])
+CXX_FLAG_CHECK([DEBCXXFLAGS], [-fstack-protector-all], [stackprotectorall])
 
 EGG_CHECK_DEPMODE
 

+ 117 - 3
configure

@@ -3282,8 +3282,8 @@ EOF
   fi
 
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler understands -fstack-protector-all" >&5
-$as_echo_n "checking whether the compiler understands -fstack-protector-all... " >&6; }
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler understands -fstack-protector" >&5
+$as_echo_n "checking whether the compiler understands -fstack-protector... " >&6; }
 if ${egg_cv_prog_cc_stackprotector+:} false; then :
   $as_echo_n "(cached) " >&6
 else
@@ -3295,7 +3295,7 @@ ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ex
 ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
 
     ac_saved_flags="$CXXFLAGS"
-    CXXFLAGS="-Werror -fstack-protector-all"
+    CXXFLAGS="-Werror -fstack-protector"
     cat build/confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end build/confdefs.h.  */
 
@@ -3326,6 +3326,120 @@ fi
 $as_echo "$egg_cv_prog_cc_stackprotector" >&6; }
 
   if [ "$egg_cv_prog_cc_stackprotector" = "yes" ]; then
+    CXXFLAGS="$CXXFLAGS -fstack-protector"
+  elif [ -n "" ]; then
+      cat << 'EOF' >&2
+configure: error:
+
+  Your OS or C++ compiler does not support -fstack-protector.
+  This compile flag is required.
+
+EOF
+    exit 1
+  fi
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler understands -fstack-protector-strong" >&5
+$as_echo_n "checking whether the compiler understands -fstack-protector-strong... " >&6; }
+if ${egg_cv_prog_cc_stackprotectorstrong+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+    ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+    ac_saved_flags="$CXXFLAGS"
+    CXXFLAGS="-Werror -fstack-protector-strong"
+    cat build/confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end build/confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  egg_cv_prog_cc_stackprotectorstrong="yes"
+else
+  egg_cv_prog_cc_stackprotectorstrong="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    CXXFLAGS="$ac_saved_flags"
+    ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $egg_cv_prog_cc_stackprotectorstrong" >&5
+$as_echo "$egg_cv_prog_cc_stackprotectorstrong" >&6; }
+
+  if [ "$egg_cv_prog_cc_stackprotectorstrong" = "yes" ]; then
+    CXXFLAGS="$CXXFLAGS -fstack-protector-strong"
+  elif [ -n "" ]; then
+      cat << 'EOF' >&2
+configure: error:
+
+  Your OS or C++ compiler does not support -fstack-protector-strong.
+  This compile flag is required.
+
+EOF
+    exit 1
+  fi
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler understands -fstack-protector-all" >&5
+$as_echo_n "checking whether the compiler understands -fstack-protector-all... " >&6; }
+if ${egg_cv_prog_cc_stackprotectorall+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+    ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+    ac_saved_flags="$CXXFLAGS"
+    CXXFLAGS="-Werror -fstack-protector-all"
+    cat build/confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end build/confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  egg_cv_prog_cc_stackprotectorall="yes"
+else
+  egg_cv_prog_cc_stackprotectorall="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    CXXFLAGS="$ac_saved_flags"
+    ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $egg_cv_prog_cc_stackprotectorall" >&5
+$as_echo "$egg_cv_prog_cc_stackprotectorall" >&6; }
+
+  if [ "$egg_cv_prog_cc_stackprotectorall" = "yes" ]; then
     DEBCXXFLAGS="$DEBCXXFLAGS -fstack-protector-all"
   elif [ -n "" ]; then
       cat << 'EOF' >&2

+ 1 - 0
doc/UPDATES

@@ -16,6 +16,7 @@ maint
     in doc/responses.txt
   * Remove channel limit when limitraise is disabled (#77)
   * 'fork-interval' removed.
+  * Build with -fstack-protector by default
 
 1.4.3
   * Default 'set promisc' to ignore since it's usually a false positive