mirror of git://anongit.mindrot.org/openssh.git
- (djm) [configure.ac aclocal.m4] More tests to detect fallout from
platform hardening options: include some long long int arithmatic to detect missing support functions for -ftrapv in libgcc and equivalents, actually test linking when -ftrapv is supplied and set either both -pie/-fPIE or neither. feedback and ok dtucker@
This commit is contained in:
parent
852472a54b
commit
5c2ff5e31f
|
@ -4,6 +4,11 @@
|
||||||
hack surprises us by providing a setproctitle in libc; ok dtucker
|
hack surprises us by providing a setproctitle in libc; ok dtucker
|
||||||
- (djm) [configure.ac] Unless specifically requested, only attempt
|
- (djm) [configure.ac] Unless specifically requested, only attempt
|
||||||
to build Position Independent Executables on gcc >= 4.x; ok dtucker
|
to build Position Independent Executables on gcc >= 4.x; ok dtucker
|
||||||
|
- (djm) [configure.ac aclocal.m4] More tests to detect fallout from
|
||||||
|
platform hardening options: include some long long int arithmatic
|
||||||
|
to detect missing support functions for -ftrapv in libgcc and
|
||||||
|
equivalents, actually test linking when -ftrapv is supplied and
|
||||||
|
set either both -pie/-fPIE or neither. feedback and ok dtucker@
|
||||||
|
|
||||||
20140121
|
20140121
|
||||||
- (dtucker) [configure.ac] Make PIE a configure-time option which defaults
|
- (dtucker) [configure.ac] Make PIE a configure-time option which defaults
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
dnl $Id: aclocal.m4,v 1.12 2014/01/21 02:10:27 djm Exp $
|
dnl $Id: aclocal.m4,v 1.13 2014/01/22 10:30:12 djm Exp $
|
||||||
dnl
|
dnl
|
||||||
dnl OpenSSH-specific autoconf macros
|
dnl OpenSSH-specific autoconf macros
|
||||||
dnl
|
dnl
|
||||||
|
@ -21,7 +21,45 @@ int main(int argc, char **argv) {
|
||||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||||
float l = i * 2.1;
|
float l = i * 2.1;
|
||||||
double m = l / 0.5;
|
double m = l / 0.5;
|
||||||
printf("%d %d %d %f %f\n", i, j, k, l, m);
|
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
|
||||||
|
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
]])],
|
||||||
|
[
|
||||||
|
if `grep -i "unrecognized option" conftest.err >/dev/null`
|
||||||
|
then
|
||||||
|
AC_MSG_RESULT([no])
|
||||||
|
CFLAGS="$saved_CFLAGS"
|
||||||
|
else
|
||||||
|
AC_MSG_RESULT([yes])
|
||||||
|
CFLAGS="$saved_CFLAGS $_define_flag"
|
||||||
|
fi],
|
||||||
|
[ AC_MSG_RESULT([no])
|
||||||
|
CFLAGS="$saved_CFLAGS" ]
|
||||||
|
)
|
||||||
|
}])
|
||||||
|
|
||||||
|
dnl OSSH_CHECK_CFLAG_LINK(check_flag[, define_flag])
|
||||||
|
dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
|
||||||
|
dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
|
||||||
|
dnl 'check_flag'.
|
||||||
|
AC_DEFUN([OSSH_CHECK_CFLAG_LINK], [{
|
||||||
|
AC_MSG_CHECKING([if $CC supports compile flag $1 and linking succeeds])
|
||||||
|
saved_CFLAGS="$CFLAGS"
|
||||||
|
CFLAGS="$CFLAGS $WERROR $1"
|
||||||
|
_define_flag="$2"
|
||||||
|
test "x$_define_flag" = "x" && _define_flag="$1"
|
||||||
|
AC_LINK_IFELSE([AC_LANG_SOURCE([[
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
int main(int argc, char **argv) {
|
||||||
|
/* Some math to catch -ftrapv problems in the toolchain */
|
||||||
|
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||||
|
float l = i * 2.1;
|
||||||
|
double m = l / 0.5;
|
||||||
|
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
|
||||||
|
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
]])],
|
]])],
|
||||||
|
@ -57,7 +95,8 @@ int main(int argc, char **argv) {
|
||||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||||
float l = i * 2.1;
|
float l = i * 2.1;
|
||||||
double m = l / 0.5;
|
double m = l / 0.5;
|
||||||
printf("%d %d %d %f %f\n", i, j, k, l, m);
|
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
|
||||||
|
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
]])],
|
]])],
|
||||||
|
|
23
configure.ac
23
configure.ac
|
@ -1,4 +1,4 @@
|
||||||
# $Id: configure.ac,v 1.557 2014/01/22 05:31:18 djm Exp $
|
# $Id: configure.ac,v 1.558 2014/01/22 10:30:13 djm Exp $
|
||||||
#
|
#
|
||||||
# Copyright (c) 1999-2004 Damien Miller
|
# Copyright (c) 1999-2004 Damien Miller
|
||||||
#
|
#
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
|
||||||
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
||||||
AC_REVISION($Revision: 1.557 $)
|
AC_REVISION($Revision: 1.558 $)
|
||||||
AC_CONFIG_SRCDIR([ssh.c])
|
AC_CONFIG_SRCDIR([ssh.c])
|
||||||
AC_LANG([C])
|
AC_LANG([C])
|
||||||
|
|
||||||
|
@ -164,10 +164,15 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
|
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
|
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
|
||||||
if test "x$use_toolchain_hardening" = "x1"; then
|
if test "x$use_toolchain_hardening" = "x1"; then
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-ftrapv])
|
|
||||||
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
|
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
|
||||||
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
|
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
|
||||||
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
|
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
|
||||||
|
# NB. -ftrapv expects certain support functions to be present in
|
||||||
|
# the compiler library (libgcc or similar) to detect integer operations
|
||||||
|
# that can overflow. We must check that the result of enabling it
|
||||||
|
# actually links. The test program compiled/linked includes a number
|
||||||
|
# of integer operations that should exercise this.
|
||||||
|
OSSH_CHECK_CFLAG_LINK([-ftrapv])
|
||||||
fi
|
fi
|
||||||
AC_MSG_CHECKING([gcc version])
|
AC_MSG_CHECKING([gcc version])
|
||||||
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
|
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
|
||||||
|
@ -1594,8 +1599,20 @@ if test "x$use_pie" == "xauto"; then
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
if test "x$use_pie" != "xno"; then
|
if test "x$use_pie" != "xno"; then
|
||||||
|
SAVED_CFLAGS="$CFLAGS"
|
||||||
|
SAVED_LDFLAGS="$LDFLAGS"
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-fPIE])
|
OSSH_CHECK_CFLAG_COMPILE([-fPIE])
|
||||||
OSSH_CHECK_LDFLAG_LINK([-pie])
|
OSSH_CHECK_LDFLAG_LINK([-pie])
|
||||||
|
# We use both -fPIE and -pie or neither.
|
||||||
|
AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
|
||||||
|
if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
|
||||||
|
echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
|
||||||
|
AC_MSG_RESULT([yes])
|
||||||
|
else
|
||||||
|
AC_MSG_RESULT([no])
|
||||||
|
CFLAGS="$SAVED_CFLAGS"
|
||||||
|
LDFLAGS="$SAVED_LDFLAGS"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
dnl Checks for library functions. Please keep in alphabetical order
|
dnl Checks for library functions. Please keep in alphabetical order
|
||||||
|
|
Loading…
Reference in New Issue