path: root/configure.ac
Commit message (author, age, files, lines)
* implement compatibility shim for __warn_references (Brent Cook, 2015-07-17, 1 file, -0/+12)
| This will allow us to warn about deprecated function references at link-time.
* fixup how OPENSSLDIR is derived and expanded (Brent Cook, 2015-07-15, 1 file, -4/+3)
| As per http://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html we should not try to expand variables like sysconfdir in the configure script, but rather derive the correct value in the Makefiles instead. This fixes missing expansions as the preprocessor define.
* Improve automatic handling of OPENSSLDIR (Brent Cook, 2015-07-12, 1 file, -1/+4)
| Install a default cert.pem, openssl.cnf, x509v3.cnf in OPENSSLDIR, which is derived by default from sysconfdir and the prefix setting.
* remove unused --with-enginesdir configuration parameter (Brent Cook, 2015-07-08, 1 file, -6/+0)
|
* set 'foreign' flag in automake (Brent Cook, 2015-06-13, 1 file, -1/+1)
| Avoid warnings about following GNU standards, since this is not a GNU project. Thanks to Doug Hogan for pointing this out.
* refactor configure into separate m4 macros (Brent Cook, 2015-05-23, 1 file, -263/+32)
| this allows for some reusability with libtls
* adding support for bitrig (Dave Huseby, 2015-05-14, 1 file, -1/+1)
|
* use the same gcc test for AIX as HP-UX (Brent Cook, 2015-04-27, 1 file, -1/+1)
|
* modify for HP-UX build, choose correct CFLAGS for gcc. (kinichiro, 2015-04-27, 1 file, -1/+1)
|
* remove unneeded check for sys/sysctl.h (Brent Cook, 2015-04-19, 1 file, -1/+1)
|
* use alternate cflags on AIX and HP-UX vendor compilers (Brent Cook, 2015-04-19, 1 file, -1/+11)
|
* Revert configure-time checks for -Wall/-std=gnu99 (Brent Cook, 2015-04-14, 1 file, -36/+14)
| There is a problem with these on some compilers, revert while a solution is found.
* make compiler checks for -Wall and -std=gnu99 (Brent Cook, 2015-04-14, 1 file, -14/+36)
| Yes, there are compilers that do not understand or need these.
* remove issetugid wrappers, now that all getenv calls are gone. (Brent Cook, 2015-04-14, 1 file, -7/+1)
| From deraadt@ upstream: Remove all getenv() calls, especially those wrapped by issetugid(). getenv()'s wrapped by issetugid() are safe, but issetugid() is ... difficult to implement on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. No one noticed & complained that certain environment variables were not working.......
* Add experimental AIX support. (Brent Cook, 2015-03-31, 1 file, -0/+5)
| This includes a WIP failsafe issetugid for now, while research continues on the proper way to do this in a race-free fashion in AIX.
* move define to CPPFLAGS (Brent Cook, 2015-03-22, 1 file, -1/+1)
|
* Merged support for using _OPENBSD_SOURCE on NetBSD 8.x (Brent Cook, 2015-03-22, 1 file, -0/+1)
|\
| * Reuse _OPENBSD_SOURCE namespace on NetBSD (>=8.x) (Kamil Rytarowski, 2015-03-08, 1 file, -0/+1)
| |
* | rework CFLAGS/CPPFLAGS settings during configuration (Brent Cook, 2015-03-22, 1 file, -9/+13)
| | Move define adjustments to CPPFLAGS. Adjust user CFLAGS directly, do not override during configuration. USER_CFLAGS is not necessary to build libcompat_noopt correctly.
* | move clang flags adjustment next to the check, fix typo (Brent Cook, 2015-03-22, 1 file, -3/+3)
| |
* | check for build tools earlier in configuration (Brent Cook, 2015-03-22, 1 file, -7/+6)
| |
* | Merge native cygwin support (Brent Cook, 2015-03-21, 1 file, -0/+8)
|\ \
| * | rework tests Makefile.am (Brent Cook, 2015-03-21, 1 file, -0/+4)
| | | There are so many test exceptions that need handling that it is easier to simply edit it directly rather than doing autogeneration anymore. This also puts biotest and pidwraptest behind a new --enable-extratests option, so they are easy to run but are not enabled by default.
| * | Drop test for adding -lssp again, not required with latest libtool (Corinna Vinschen, 2015-03-03, 1 file, -1/+1)
| | | Signed-off-by: Corinna Vinschen <github@cygwin.de>
| * | Add preliminary Cygwin support (Corinna Vinschen, 2015-03-03, 1 file, -1/+5)
| |/ Signed-off-by: Corinna Vinschen <github@cygwin.de>
* | enable libtls by default (Brent Cook, 2015-03-19, 1 file, -5/+1)
| | The API/ABI for the LibreSSL 2.1.x series is now fixed, so we can safely enable libtls by default. This is useful for new OpenNTPD and OpenSMTPD releases as well. ok deraadt@ beck@ sthen@
* | update __STRICT_ALIGNMENT check (Brent Cook, 2015-03-08, 1 file, -3/+7)
| |
* | specify -static-libgcc for mingw builds (Brent Cook, 2015-03-08, 1 file, -1/+2)
| | Avoid external dependencies on 32-bit windows builds.
* | avoid doubling user-specified cflags (Brent Cook, 2015-03-07, 1 file, -2/+2)
|/
* separate the BSWAP check from the action (Brent Cook, 2015-03-01, 1 file, -14/+17)
| checks need to be unconditional with autoconf
* check if the BSWAP assembly for ARM works before building (Brent Cook, 2015-03-01, 1 file, -0/+8)
|
* add windows-specific hardening options (Brent Cook, 2015-02-24, 1 file, -8/+23)
| This enables DEP and ASLR capabilities. Stack protection is enabled optionally, there are some extra linking steps required that make it difficult to enable by default.
* remove openat requirement for building certhash (Brent Cook, 2015-02-23, 1 file, -2/+2)
|
* add missing line continuation (Brent Cook, 2015-02-19, 1 file, -1/+1)
|
* disable system issetugid on OS X since it is not fork-safe (Brent Cook, 2015-02-17, 1 file, -0/+5)
| Noticed while testing similar code for AIX. ok beck@
* add strsep fallback for libtls (Brent Cook, 2015-02-14, 1 file, -1/+2)
|
* conditionally build certhash into openssl(1) (Brent Cook, 2015-02-14, 1 file, -0/+2)
| For now, look for openat and symlink. We may switch to just needing symlink later.
* add NetBSD shims for arc4random (Brent Cook, 2015-01-21, 1 file, -1/+8)
| The current NetBSD release, 6.1.5, fails to reseed arc4random fork. Work around it by providing arc4random/getentropy shims. Revisit when NetBSD 7 is available.
* catch GCC versions that only warn on unused flags (Brent Cook, 2015-01-06, 1 file, -3/+3)
| Noticed while building with GCC 4.2 with HP-UX. Switching the ERROR to a WARN for a first release while we continue to survey the field.
* remove bash-style comparisons from tests (Brent Cook, 2015-01-06, 1 file, -3/+3)
|
* Add support for HP-UX (kinichiro, 2015-01-06, 1 file, -0/+6)
| tested on: HP-UX 11.31 ia64, gcc 4.7.1 (HP AllianceOne version), gcc 4.2.3 (http://hpux.connect.org.uk), HP C/aC++
| HP-UX defaults to use LP32 and it treats long as 32 bit (= 4 bytes). This build forces LP64 for treating long as 64 bit.
* quoting and ensure old_*flags are restored before the 'else' (Brent Cook, 2015-01-05, 1 file, -8/+10)
|
* preserve CFLAGS between hardening checks, enable mingw (Brent Cook, 2015-01-05, 1 file, -26/+46)
| Allow hardening CFLAGS for mingw that do not cause link-time failures.
| Add proper quoting on flags for commas
| Check LDFLAGS for linker-only flags.
* simplify hardening check logic, disable for mingw (Brent Cook, 2015-01-05, 1 file, -38/+33)
| Rather than doing separate linker/compiler checks, just build a non-empty program with each so that the compiler will actually try to use the hardening features.
| Reduce redundancy in the macro calls by just setting the flag that was just tested.
| Also, disable hardening for mingw, since it's trying to use a libssp-0.dll file that I can't find right now. The detected hardening flags break mingw builds currently.
* Change comments to remark on script not being needed for clang >= 5.1 (Jim Barlow, 2015-01-01, 1 file, -1/+1)
|
* Fix typo causing output of clang test to read "CLANG" instead of yes/no (Jim Barlow, 2014-12-31, 1 file, -1/+1)
|
* Merge recent upstream changes with compiler hardening (Jim Barlow, 2014-12-30, 1 file, -4/+19)
|\
| | Conflicts: configure.ac
| * enable __STRICT_ALIGNMENT on sparc (Brent Cook, 2014-12-27, 1 file, -0/+6)
| |
| * do not mark GNU_STACK WX in ELFs generated from assembly (Brent Cook, 2014-12-22, 1 file, -1/+12)
| | When generating ELF objects from assembly, gcc and clang mark the GNU_STACK program headers as RWX by default. This is a security issue, so we make sure it is marked only RW.
| | This modifies Anthony G. Basile's original patch for Linux to set .note.GNU-stack whenever the assembler supports it.
| | It is surprising that any modern toolchain would enable an executable stack without an explicit request. The number of programs that need an executable stack is surely much smaller than the number of programs that include assembly.
* | configure.ac: use executable hardening where available (Jim Barlow, 2014-12-23, 1 file, -0/+62)
| | Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations.
| | Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that.
| | Options enabled are:
| | -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong.
| | _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved.
| | -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities.
| | I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable.
| | Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
| | Signed-off-by: Jim Barlow <jim@purplerock.ca>