rpms / mptcpd

Clone
Source Code
GIT

Blame SOURCES/0001-issue125.patch

c9 c9-beta
  1.   f8071f151e150eb4f811ea07ad820edc37e08090
  2.   SOURCES
  3.   0001-issue125.patch
Blob History Raw
f8071f 
From a908793d8c816ba8e08950f7407de2ea9d144800 Mon Sep 17 00:00:00 2001
f8071f 
Message-Id: <a908793d8c816ba8e08950f7407de2ea9d144800.1622734184.git.dcaratti@redhat.com>
f8071f 
From: dddaniel <d.danzberger@ddf-software.de>
f8071f 
Date: Fri, 23 Apr 2021 23:19:23 +0200
f8071f 
Subject: [PATCH] configure: add --disable-stack-protection option (#125)
f8071f
f8071f 
Enabling -DFORTIFY_SOURCE=* and -fstack-protector-* by default may
f8071f 
overwrite global (build) system settings, causing redefinition errors at
f8071f 
compile time.
f8071f 
---
f8071f 
 configure.ac | 37 +++++++++++++++++++++++++------------
f8071f 
 1 file changed, 25 insertions(+), 12 deletions(-)
f8071f
f8071f 
diff --git a/configure.ac b/configure.ac
f8071f 
index 3d6a2f0..4be1b81 100644
f8071f 
--- a/configure.ac
f8071f 
+++ b/configure.ac
f8071f 
@@ -255,24 +255,37 @@ AX_APPEND_COMPILE_FLAGS([-Wextra -Werror -pedantic])
f8071f 
 # ---------------------------------------------------------------
f8071f 
 # Enable compile-time defense
f8071f 
 # ---------------------------------------------------------------
f8071f 
-# Fortify source
f8071f 
-# Enabling optimization implies _FORTIFY_SOURCE on some platforms.
f8071f 
-# Explicitly redefine to _FORTIFY_SOURCE=2 to make sure we have the
f8071f 
-# desired fortification level.
f8071f 
-AX_APPEND_FLAG([-U_FORTIFY_SOURCE], [CPPFLAGS])
f8071f 
-AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])
f8071f 
+
f8071f 
+AC_ARG_ENABLE(stack-protection,
f8071f 
+	[AS_HELP_STRING([--disable-stack-protection],
f8071f 
+		[Disable compiler stack protection.
f8071f 
+		FORTIFY_SOURCE=2 and -fstack-protector-strong]
f8071f 
+	)],
f8071f 
+	[],
f8071f 
+	[enable_stack_protection=yes])
f8071f 
+
f8071f 
+AS_IF([test "x$enable_stack_protection" = "xyes"],
f8071f 
+	[
f8071f 
+	# Fortify source
f8071f 
+	# Enabling optimization implies _FORTIFY_SOURCE on some platforms.
f8071f 
+	# Explicitly redefine to _FORTIFY_SOURCE=2 to make sure we have the
f8071f 
+	# desired fortification level.
f8071f 
+	AX_APPEND_FLAG([-U_FORTIFY_SOURCE], [CPPFLAGS])
f8071f 
+	AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])
f8071f 
+
f8071f 
+	# Stack-based buffer overrun detection
f8071f 
+	MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
f8071f 
+	                        [# GCC < 4.9
f8071f 
+	                         MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
f8071f 
+	                        ])
f8071f 
+	],[]
f8071f 
+	)
f8071f
f8071f 
 # Format string vulnerabilities
f8071f 
 # -Wformat=2 implies:
f8071f 
 #    -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k
f8071f 
 AX_APPEND_COMPILE_FLAGS([-Wformat=2])
f8071f
f8071f 
-# Stack-based buffer overrun detection
f8071f 
-MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
f8071f 
-                        [# GCC < 4.9
f8071f 
-                         MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
f8071f 
-                        ])
f8071f 
-
f8071f 
 # Position Independent Execution (PIE)
f8071f 
 AX_APPEND_COMPILE_FLAGS([-fPIE], [EXECUTABLE_CFLAGS])
f8071f 
 AC_SUBST([EXECUTABLE_CFLAGS])
f8071f 
--
f8071f 
2.31.1
f8071f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation