[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [libmicrohttpd] branch master updated: add compiler/linker
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [libmicrohttpd] branch master updated: add compiler/linker hardnening |
|
Date: |
Fri, 09 Aug 2019 10:09:47 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository libmicrohttpd.
The following commit(s) were added to refs/heads/master by this push:
new 316f6ab3 add compiler/linker hardnening
316f6ab3 is described below
commit 316f6ab358269d73e62b340b6cd62597290a498b
Author: Christian Grothoff <address@hidden>
AuthorDate: Fri Aug 9 10:08:20 2019 +0200
add compiler/linker hardnening
---
ChangeLog | 4 ++++
configure.ac | 30 +++++++++++++++++++++++++++++-
2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 92161c6f..01889a7e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Fri 09 Aug 2019 10:07:27 AM CEST
+ Copy compiler and linker hardening flags from GNUnet (updating
+ configure.ac). -CG
+
Thu 01 Aug 2019 01:23:36 PM CEST
Releasing libmicrohttpd 0.9.66. -CG
diff --git a/configure.ac b/configure.ac
index 5292798a..086481a2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -81,6 +81,34 @@ AM_CONDITIONAL([HAVE_PO], [ test "$have_po" = yes ])
+
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+ AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[AS_IF([test x$enableval = xyes],[
+ CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
-fstack-protector-all"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+ LDFLAGS="$LDFLAGS -pie"
+ ])])
+
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+ AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+[AS_IF([test x$enableval = xyes],
+ [LDFLAGS="$LDFLAGS -z relro -z now"])])
+
+
+AC_ARG_ENABLE(sanitizer,
+ AS_HELP_STRING(--enable-sanitizer, enable Address Sanitizer and Undefined
Behavior Sanitizer),
+[AS_IF([test x$enableval = xyes],[
+ LDFLAGS="$CFLAGS -fsanitize=address,undefined -fno-omit-frame-pointer"
+ ])])
+
+
+
# Workaround for libgcrypt
AS_IF([[test "x$lt_sysroot" != "x" && test "x$SYSROOT" = "x"]],
[[SYSROOT="$lt_sysroot"]])
@@ -790,7 +818,7 @@ AC_INCLUDES_DEFAULT
]
)
-AC_CHECK_MEMBERS([struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len,
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len,
struct sockaddr_storage.ss_len],
[], [],
[
--
To stop receiving notification emails like this one, please contact
address@hidden.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [libmicrohttpd] branch master updated: add compiler/linker hardnening,
gnunet <=