| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- --- a/configure.ac
- +++ b/configure.ac
- @@ -86,54 +86,6 @@ AC_ARG_ENABLE(harden,
-
- if test "$hardenbuild" -eq 1; then
- AC_MSG_NOTICE(Checking for available hardened build flags:)
- - # relocation flags don't make sense for static builds
- - if test "$STATIC" -ne 1; then
- - # pie
- - DB_TRYADDCFLAGS([-fPIE])
- -
- - OLDLDFLAGS="$LDFLAGS"
- - TESTFLAGS="-Wl,-pie"
- - LDFLAGS="$TESTFLAGS $LDFLAGS"
- - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- - [
- - LDFLAGS="$OLDLDFLAGS"
- - TESTFLAGS="-pie"
- - LDFLAGS="$TESTFLAGS $LDFLAGS"
- - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
- - )
- - ]
- - )
- - # readonly elf relocation sections (relro)
- - OLDLDFLAGS="$LDFLAGS"
- - TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
- - LDFLAGS="$TESTFLAGS $LDFLAGS"
- - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
- - )
- - fi # non-static
- - # stack protector. -strong is good but only in gcc 4.9 or later
- - OLDCFLAGS="$CFLAGS"
- - TESTFLAGS="-fstack-protector-strong"
- - CFLAGS="$TESTFLAGS $CFLAGS"
- - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- - [
- - CFLAGS="$OLDCFLAGS"
- - TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
- - CFLAGS="$TESTFLAGS $CFLAGS"
- - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
- - )
- - ]
- - )
- - # FORTIFY_SOURCE
- - DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
- -
- # Spectre v2 mitigations
- DB_TRYADDCFLAGS([-mfunction-return=thunk])
- DB_TRYADDCFLAGS([-mindirect-branch=thunk])
|
