1 files changed, 33 insertions, 38 deletions
diff --git a/configure.ac b/configure.ac
index 18321bc..a9f8b6e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -80,58 +80,53 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
 AC_MSG_RESULT([$CLANG])
 AS_IF([test "x$CLANG" == "xyes"], [CLANG_FLAGS=-Qunused-arguments])
-# We want to check for compiler flag support. Prior to clang v5.1, there was no way to make
+# We want to check for compiler flag support. Prior to clang v5.1, there was no
-# clang's "argument unused" warning fatal.  So we invoke the compiler through a
+# way to make clang's "argument unused" warning fatal.  So we invoke the
-# wrapper script that greps for this message.
+# compiler through a wrapper script that greps for this message.
 saved_CC="$CC"
 saved_LD="$LD"
 flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
 CC="$flag_wrap $CC"
 LD="$flag_wrap $LD"
-AC_DEFUN([check_cflag],
-        [AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])])
-AC_DEFUN([check_ldflag],
-        [AX_CHECK_LINK_FLAG([$1], [$2], [$3], [-Werror $4])])
 AC_ARG_ENABLE([hardening],
-        [AS_HELP_STRING([--disable-hardening], [Disable options to frustrate memory corruption exploits])],
+        [AS_HELP_STRING([--disable-hardening],
-        [],
+                        [Disable options to frustrate memory corruption exploits])],
-        [enable_hardening=yes])
+        [], [enable_hardening=yes])
-HARDEN_CFLAGS=""
+AC_DEFUN([CHECK_CFLAG],
-HARDEN_LDFLAGS=""
+         [AC_LANG_ASSERT(C)
-AS_IF([test "x$enable_hardening" == "xyes"], [
+          AC_MSG_CHECKING([if $saved_CC supports "$1"])
+          old_cflags="$CFLAGS"
+          CFLAGS=[$1]
+          AC_TRY_LINK([#include <stdio.h>],
+                      [printf("Hello")],
+                      AC_MSG_RESULT([yes])
+                      HARDEN_CFLAGS="$HARDEN_CFLAGS [$1]",
+                      AC_MSG_RESULT([no])
+                      $2
+                      )
+          ])
+AS_IF([test "x$enable_hardening" == "xyes" -a "x$HOST_OS" != "xwin"], [
        # Tell GCC to NOT optimize based on signed arithmetic overflow
-        check_cflag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
+        CHECK_CFLAG([-fno-strict-overflow])
        # _FORTIFY_SOURCE replaces builtin functions with safer versions.
-        check_cflag([-D_FORTIFY_SOURCE=2], 
+        CHECK_CFLAG([-D_FORTIFY_SOURCE=2])
-                [HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
+        # Use stack-protector-strong if available; if not, fallback to
-        # Use stack-protector-strong if available; if not, fallback to stack-protector-all which
+        # stack-protector-all which is considered to be overkill
-        # is considered to be overkill
+        CHECK_CFLAG([-fstack-protector-strong],
-        check_cflag([-fstack-protector-strong], 
+                CHECK_CFLAG([-fstack-protector-all],
-                [STACK_PROTECT="-fstack-protector-strong"],
+                        AC_MSG_ERROR([compiler does appear to support stack protection
-                check_cflag([-fstack-protector-all],
+                          - use --disable-hardening to override])
-                        [STACK_PROTECT="-fstack-protector-all"],
-                        [AC_MSG_ERROR([compiler does not support stack protection - use --disable-hardening to override if you understand the risks])]
                )
        )
-        check_ldflag([$STACK_PROTECT],
-                [HARDEN_CFLAGS="$HARDEN_CFLAGS $STACK_PROTECT"
-                 check_cflag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
-                        [], [$STACK_PROTECT])
-                ],
-                [AC_MSG_ERROR([compiler supports stack protection but linker does not])]
-        )
        # Enable read only relocations
-        check_ldflag([-Wl,-z,relro],
+        CHECK_CFLAG([-Wl,-z,relro])
-                [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,relro"
+        CHECK_CFLAG([-Wl,-z,now])
-        check_ldflag([-Wl,-z,now], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,now"])])
 ])
 # Restore CC, LD

diff --git a/configure.ac b/configure.ac index 18321bc..a9f8b6e 100644 --- a/configure.ac +++ b/configure.ac
@@ -80,58 +80,53 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
80	AC_MSG_RESULT([$CLANG])	80	AC_MSG_RESULT([$CLANG])
81	AS_IF([test "x$CLANG" == "xyes"], [CLANG_FLAGS=-Qunused-arguments])	81	AS_IF([test "x$CLANG" == "xyes"], [CLANG_FLAGS=-Qunused-arguments])
82		82
83	# We want to check for compiler flag support. Prior to clang v5.1, there was no way to make	83	# We want to check for compiler flag support. Prior to clang v5.1, there was no
84	# clang's "argument unused" warning fatal. So we invoke the compiler through a	84	# way to make clang's "argument unused" warning fatal. So we invoke the
85	# wrapper script that greps for this message.	85	# compiler through a wrapper script that greps for this message.
86	saved_CC="$CC"	86	saved_CC="$CC"
87	saved_LD="$LD"	87	saved_LD="$LD"
88	flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"	88	flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
89	CC="$flag_wrap $CC"	89	CC="$flag_wrap $CC"
90	LD="$flag_wrap $LD"	90	LD="$flag_wrap $LD"
91		91
92	AC_DEFUN([check_cflag],
93	[AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])])
94	AC_DEFUN([check_ldflag],
95	[AX_CHECK_LINK_FLAG([$1], [$2], [$3], [-Werror $4])])
96
97
98	AC_ARG_ENABLE([hardening],	92	AC_ARG_ENABLE([hardening],
99	[AS_HELP_STRING([--disable-hardening], [Disable options to frustrate memory corruption exploits])],	93	[AS_HELP_STRING([--disable-hardening],
100	[],	94	[Disable options to frustrate memory corruption exploits])],
101	[enable_hardening=yes])	95	[], [enable_hardening=yes])
102		96
103	HARDEN_CFLAGS=""	97	AC_DEFUN([CHECK_CFLAG],
104	HARDEN_LDFLAGS=""	98	[AC_LANG_ASSERT(C)
105	AS_IF([test "x$enable_hardening" == "xyes"], [	99	AC_MSG_CHECKING([if $saved_CC supports "$1"])
		100	old_cflags="$CFLAGS"
		101	CFLAGS=[$1]
		102	AC_TRY_LINK([#include <stdio.h>],
		103	[printf("Hello")],
		104	AC_MSG_RESULT([yes])
		105	HARDEN_CFLAGS="$HARDEN_CFLAGS [$1]",
		106	AC_MSG_RESULT([no])
		107	$2
		108	)
		109	])
		110
		111	AS_IF([test "x$enable_hardening" == "xyes" -a "x$HOST_OS" != "xwin"], [
106	# Tell GCC to NOT optimize based on signed arithmetic overflow	112	# Tell GCC to NOT optimize based on signed arithmetic overflow
107	check_cflag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])	113	CHECK_CFLAG([-fno-strict-overflow])
108		114
109	# _FORTIFY_SOURCE replaces builtin functions with safer versions.	115	# _FORTIFY_SOURCE replaces builtin functions with safer versions.
110	check_cflag([-D_FORTIFY_SOURCE=2],	116	CHECK_CFLAG([-D_FORTIFY_SOURCE=2])
111	[HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])	117
112		118	# Use stack-protector-strong if available; if not, fallback to
113	# Use stack-protector-strong if available; if not, fallback to stack-protector-all which	119	# stack-protector-all which is considered to be overkill
114	# is considered to be overkill	120	CHECK_CFLAG([-fstack-protector-strong],
115	check_cflag([-fstack-protector-strong],	121	CHECK_CFLAG([-fstack-protector-all],
116	[STACK_PROTECT="-fstack-protector-strong"],	122	AC_MSG_ERROR([compiler does appear to support stack protection
117	check_cflag([-fstack-protector-all],	123	- use --disable-hardening to override])
118	[STACK_PROTECT="-fstack-protector-all"],
119	[AC_MSG_ERROR([compiler does not support stack protection - use --disable-hardening to override if you understand the risks])]
120	)	124	)
121	)	125	)
122		126
123	check_ldflag([$STACK_PROTECT],
124	[HARDEN_CFLAGS="$HARDEN_CFLAGS $STACK_PROTECT"
125	check_cflag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
126	[], [$STACK_PROTECT])
127	],
128	[AC_MSG_ERROR([compiler supports stack protection but linker does not])]
129	)
130
131	# Enable read only relocations	127	# Enable read only relocations
132	check_ldflag([-Wl,-z,relro],	128	CHECK_CFLAG([-Wl,-z,relro])
133	[HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,relro"	129	CHECK_CFLAG([-Wl,-z,now])
134	check_ldflag([-Wl,-z,now], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,now"])])
135	])	130	])
136		131
137	# Restore CC, LD	132	# Restore CC, LD