portable - A mirror of https://github.com/libressl/portable.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	disable strict aliasing on HP-UX C/aC++ compilerv2.2.2	kinichiro	2015-08-04	1	-1/+1
\| \| \| \| \|	to disable strict aliasing on HP-UX C/aC++, `+Otype_safety=off` is right. `+Otype_safety=strong` forces ANSI aliasing.
*	add initial CMake and Visual Studio build support	Brent Cook	2015-07-21	1	-1/+1
\| \| \| \| \| \| \| \|	This moves the compatibility include files from include to include/compat so we can use the awful MS C compiler <../include/> trick to emulate the GNU #include_next extension. This also removes a few old compat files we do not need anymore.
*	disable strict aliasing on AIX xlc and HP-UX aC++ compilers	Brent Cook	2015-07-16	2	-13/+3
\|
*	disable strict aliasing by default, noticed by miod@	Brent Cook	2015-07-15	1	-0/+10
\|
*	add check for inet_pton, nudge minimum win32 compat to 0x0501	Brent Cook	2015-07-02	2	-2/+3
\|
*	fix libtool 2.4.2 stack-protector flag handling	Brent Cook	2015-06-13	1	-1/+3
\| \| \| \| \| \| \| \|	Teach libtool 2.4.2 how to pass -fstack-protector* to the linker so libssp is properly linked in on some toolchains. See upstream patch: https://github.com/instantinfrastructure/poky-daisy/blob/master/meta/recipes-devtools/libtool/libtool/respect-fstack-protector.patch Thanks to kinichiro inoguchi
*	always check if ssp needs to be linked	Brent Cook	2015-06-11	1	-3/+1
\|
*	fix definition of DISABLE_AS_EXECUTABLE_STACK	Brent Cook	2015-05-23	1	-1/+1
\|
*	refactor configure into separate m4 macros	Brent Cook	2015-05-23	4	-0/+280
\| \| \| \|	this allows for some reusability with libtls
*	simplify hardening check logic, disable for mingw	Brent Cook	2015-01-05	2	-147/+0
\| \| \| \| \| \| \| \| \| \| \|	Rather than doing separate linker/compiler checks, just build a non-empty program with each so that the compiler will actually try to use the hardening features. Reduce redundancy in the macro calls by just setting the flag that was just tested. Also, disable hardening for mingw, since its trying to use a libssp-0.dll file that I can't find right now. The detected hardening flags break mingw builds currently.
*	configure.ac: use executable hardening where available	Jim Barlow	2014-12-23	2	-0/+147
	Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". Signed-off-by: Jim Barlow <jim@purplerock.ca>