Commit cee4dc61 authored by Sebastian Hahn

Use ssp-buffer-size param when hardening

We used to enable ssp-buffer-size=1 only when building with
--enable-gcc-warnings. That would result in warnings (and no
protection for small arrays) when building with
--enable-gcc-hardening without enabling warnings, too. Fixes bug
2031.

Also remove an XXX: We now allow building with -fstack-protector
by using --enable-gcc-hardening.
parent f3d000f4

changes/bug2031

0 → 100644
+5 −0
  o Minor bugfixes:
    - Enable protection of small arrays whenever we build with gcc hardening
      features, not only when also building with warnings enabled. Fixes bug
      2031; bugfix on 0.2.2.14-alpha. Reported by keb.
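Review bot: The changes entry covers only the protection half of the fix. The commit message says hardening-only builds also produced warnings, so the entry could add that those warnings go away, and name the option involved (`--enable-gcc-hardening`) so packagers can tell whether their builds were affected.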
+2 −3
@@ -99,7 +99,7 @@ AC_ARG_ENABLE(gcc-hardening,
[if test x$enableval = xyes; then
    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security"
    CFLAGS="$CFLAGS -Wpointer-sign"
    CFLAGS="$CFLAGS -Wpointer-sign --param ssp-buffer-size=1"
    LDFLAGS="$LDFLAGS -pie"
fi])
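Review bot: The new `--param ssp-buffer-size=1` on the `-Wpointer-sign` line is added with no compiler-version check in this block, whereas in the warnings section it sat under `if test x$have_gcc42 = xyes`. Please confirm that every compiler accepting the `-fstack-protector-all` already set here also accepts this param, or probe for it before appending. A one-line comment saying why the param is needed alongside `-fstack-protector-all` and `-Wstack-protector` would also help the next reader, since the reason is only in the commit message.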

@@ -892,9 +892,8 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy

  if test x$have_gcc42 = xyes ; then 
    # These warnings break gcc 4.0.2 and work on gcc 4.2
    # XXXX020 Use -fstack-protector.
    # XXXX020 See if any of these work with earlier versions.
    CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1 --param ssp-buffer-size=1"
    CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1"
    # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3.
  fi
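Review bot: Dropping `--param ssp-buffer-size=1` from the `-Waddress ...` line means a build with only `--enable-gcc-warnings` no longer passes the param at all. That looks intended, since the stack-protector flags visible in this patch are set only in the gcc-hardening block, but it is a behaviour change for warnings-only builds and is worth stating in the commit message. The remaining `# XXXX020 See if any of these work with earlier versions.` comment now stands alone, so check that it still reads correctly without the removed line above it.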