1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
From c4f214584aeaa30214d5364ef8bc2171dbd7bb3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Thu, 16 Oct 2014 17:52:10 +0000
Subject: [PATCH 07/29] [build] use fortify flags with "extra-warnings"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2967 152afb58-edef-0310-8abb-c4023f1b3aa9
---
NEWS | 1 +
configure.ac | 27 ++++++++++++++++++++++++---
src/CMakeLists.txt | 2 +-
3 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 84a1c80..115e638 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ NEWS
* fix bad shift in conditional netmask ".../0" handling
* add more mime types and a script to generate mime.conf (fixes #2579)
* add support for (Free)BSD extended attributes
+ * [build] use fortify flags with "extra-warnings"
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled
diff --git a/configure.ac b/configure.ac
index 48e6b52..e804030 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,6 +23,26 @@ AM_INIT_AUTOMAKE([-Wall -Wno-portability -Wno-override foreign dist-bzip2 tar-us
dnl enable with --enable-silent-rules or make V=0 (needs automake >= 1.11)
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
+
+dnl @synopsis TRY_CFLAGS [compiler flags]
+dnl @summary check whether compiler supports given C flags and adds them to CFLAGS
+AC_DEFUN([TRY_CFLAGS],
+[dnl
+ AC_MSG_CHECKING([if $CC supports $1])
+ AC_LANG_PUSH([C])
+ ac_try_cflags_saved_cflags="${CFLAGS}"
+ CFLAGS="${CFLAGS} $1"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+ [AC_MSG_RESULT([yes])],
+ [
+ AC_MSG_ERROR([no])
+ CFLAGS="${ac_try_cflags_saved_cflags}"
+ ]
+ )
+ AC_LANG_POP([C])
+])
+
+
dnl Checks for programs.
AC_PROG_CC
AM_PROG_CC_C_O
@@ -394,7 +414,7 @@ if test "$WITH_FAM" != "no"; then
LIBS=$FAM_LIBS
AC_CHECK_FUNCS([FAMNoExists])
LIBS=$OLD_LIBS
-
+
if test x$FAM_LIBS = x; then
AC_MSG_ERROR([fam/gamin-headers and/or libs where not found, install them or build with --without-fam])
fi
@@ -622,7 +642,8 @@ AM_CONDITIONAL(CHECK_WITH_FASTCGI, test "x$fastcgi_found" = xyes)
dnl check for extra compiler options (warning options)
if test "${GCC}" = "yes"; then
- CFLAGS="${CFLAGS} -Wall -W -Wshadow -pedantic -std=gnu99"
+ TRY_CFLAGS([-Wall -W -Wshadow -pedantic])
+ TRY_CFLAGS([-std=gnu99])
fi
AC_ARG_ENABLE(extra-warnings,
@@ -634,7 +655,7 @@ AC_ARG_ENABLE(extra-warnings,
esac],[extrawarnings=false])
if test x$extrawarnings = xtrue; then
- CFLAGS="${CFLAGS} -g -O2 -g2 -Wall -Wmissing-declarations -Wdeclaration-after-statement -Wno-pointer-sign -Wcast-align -Winline -Wsign-compare -Wnested-externs -Wpointer-arith -Wl,--as-needed -Wformat-security"
+ TRY_CFLAGS([-g -O2 -g2 -Wall -Wmissing-declarations -Wdeclaration-after-statement -Wcast-align -Winline -Wsign-compare -Wnested-externs -Wpointer-arith -Wl,--as-needed -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security])
fi
dnl build version-id
|
