From cee4dc61015d31d27ca25ccb2a7226493f486cd5 Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Tue, 19 Oct 2010 19:14:58 +0200
Subject: Use ssp-buffer-size param when hardening
We used to enable ssp-buffer-size=1 only when building with --enable-gcc-warnings. That would result in warnings (and no protection for small arrays) when building with --enable-gcc-hardening without enabling warnings, too. Fixes bug 2031. Also remove an XXX: We now allow to build with -fstack-protector by using --enable-gcc-hardening.
---
configure.in | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'configure.in')
diff --git a/configure.in b/configure.in
index 891daa82c1..7e72adaa33 100644
--- a/configure.in
+++ b/configure.in
@@ -99,7 +99,7 @@ AC_ARG_ENABLE(gcc-hardening,
 [if test x$enableval = xyes; then
 CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
 CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security"
- CFLAGS="$CFLAGS -Wpointer-sign"
+ CFLAGS="$CFLAGS -Wpointer-sign --param ssp-buffer-size=1"
 LDFLAGS="$LDFLAGS -pie"
 fi])
@@ -892,9 +892,8 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
 if test x$have_gcc42 = xyes ; then
 # These warnings break gcc 4.0.2 and work on gcc 4.2
- # XXXX020 Use -fstack-protector.
 # XXXX020 See if any of these work with earlier versions.
- CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1 --param ssp-buffer-size=1"
+ CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1"
 # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3.
 fi
-- cgit v1.2.3-54-g00ecf
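Review bot: The `--param ssp-buffer-size=1` added to the `-Wpointer-sign` line in the first hunk is appended with no compiler check, whereas the copy removed in the second hunk sat inside the `have_gcc42` test. As far as the visible lines show, `--enable-gcc-hardening` now hands the parameter to whatever compiler is in use, and one that rejects it would presumably break the later configure tests instead of giving a clear message. Probing the flag and warning when it is dropped would keep a hardened build from failing obscurely or being weakened silently. A short comment on the line recording why the parameter belongs with the hardening flags (bug 2031) would also help. The AC_ARG_ENABLE call starts above the hunk, so its earlier arguments are not visible here.

```m4
    CFLAGS="$CFLAGS -Wpointer-sign"
    # Keep --param ssp-buffer-size=1 only when the compiler accepts it.
    tor_saved_CFLAGS="$CFLAGS"
    CFLAGS="$CFLAGS --param ssp-buffer-size=1"
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [],
        [CFLAGS="$tor_saved_CFLAGS"
         AC_MSG_WARN([compiler rejects --param ssp-buffer-size=1; building without it])])
    # … unchanged: LDFLAGS="$LDFLAGS -pie" …
```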