diff --git a/Makefile.in b/Makefile.in index d6de1af6..6ab2454a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -65,8 +65,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mbedtls.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/polarssl.m4 \ - $(top_srcdir)/m4/zlib.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/stack-protector.m4 $(top_srcdir)/m4/zlib.m4 \ + $(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ diff --git a/aclocal.m4 b/aclocal.m4 index 40c7b557..8cf4c913 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1213,4 +1213,5 @@ m4_include([m4/lt~obsolete.m4]) m4_include([m4/mbedtls.m4]) m4_include([m4/openssl.m4]) m4_include([m4/polarssl.m4]) +m4_include([m4/stack-protector.m4]) m4_include([m4/zlib.m4]) diff --git a/configure b/configure index 37c76b49..11783206 100755 --- a/configure +++ b/configure @@ -13708,6 +13708,86 @@ $as_echo "transparent proxy does not support for $host" >&6; } ;; esac + +ggl_check_stack_protector_save_CXXFLAGS="$CXXFLAGS" +ggl_check_stack_protector_save_CFLAGS="$CFLAGS" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -fstack-protector and -fstack-protector-all are supported." >&5 +$as_echo_n "checking if -fstack-protector and -fstack-protector-all are supported.... " >&6; } + +CXXFLAGS="$CXXFLAGS -fstack-protector" +CFLAGS="$CFLAGS -fstack-protector" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int main() { + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ggl_check_stack_protector_ok=yes +else + ggl_check_stack_protector_ok=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS -fstack-protector-all" +CFLAGS="$ggl_check_stack_protector_save_CFLAGS -fstack-protector-all" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int main() { + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ggl_check_stack_protector_all_ok=yes +else + ggl_check_stack_protector_all_ok=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test "x$ggl_check_stack_protector_ok" = "xyes" -a \ + "x$ggl_check_stack_protector_all_ok" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + has_stack_protector=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + has_stack_protector=no +fi + +CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS" +CFLAGS="$ggl_check_stack_protector_save_CFLAGS" + + +# XXX - disable -fstack-protector due to missing libssp_nonshared +case "$host_os" in + *aix*) + { $as_echo "$as_me:${as_lineno-$LINENO}: -fstack-protector disabled on AIX" >&5 +$as_echo "$as_me: -fstack-protector disabled on AIX" >&6;} + has_stack_protector=no + ;; + *sunos*) + { $as_echo "$as_me:${as_lineno-$LINENO}: -fstack-protector disabled on SunOS" >&5 +$as_echo "$as_me: -fstack-protector disabled on SunOS" >&6;} + has_stack_protector=no + ;; + *solaris*) + { $as_echo "$as_me:${as_lineno-$LINENO}: -fstack-protector disabled on Solaris" >&5 +$as_echo "$as_me: -fstack-protector disabled on Solaris" >&6;} + has_stack_protector=no + ;; +esac +if test x$has_stack_protector = xyes; then + CFLAGS="$CFLAGS -fstack-protector" + { $as_echo "$as_me:${as_lineno-$LINENO}: -fstack-protector enabled in CFLAGS" >&5 +$as_echo "$as_me: -fstack-protector enabled in CFLAGS" >&6;} +fi + if test "$os_support" = "linux"; then BUILD_REDIRECTOR_TRUE= BUILD_REDIRECTOR_FALSE='#' diff --git a/configure.ac b/configure.ac index 32d43b46..d18165fd 100755 --- a/configure.ac +++ b/configure.ac @@ -126,6 +126,27 @@ case $host in ;; esac +GGL_CHECK_STACK_PROTECTOR([has_stack_protector=yes], [has_stack_protector=no]) +# XXX - disable -fstack-protector due to missing libssp_nonshared +case "$host_os" in + *aix*) + AC_MSG_NOTICE([-fstack-protector disabled on AIX]) + has_stack_protector=no + ;; + *sunos*) + AC_MSG_NOTICE([-fstack-protector disabled on SunOS]) + has_stack_protector=no + ;; + *solaris*) + AC_MSG_NOTICE([-fstack-protector disabled on Solaris]) + has_stack_protector=no + ;; +esac +if test x$has_stack_protector = xyes; then + CFLAGS="$CFLAGS -fstack-protector" + AC_MSG_NOTICE([-fstack-protector enabled in CFLAGS]) +fi + AM_CONDITIONAL(BUILD_REDIRECTOR, test "$os_support" = "linux") AM_CONDITIONAL(BUILD_WINCOMPAT, test "$os_support" = "mingw") diff --git a/libcork/Makefile.in b/libcork/Makefile.in index d3f3a269..b2436130 100644 --- a/libcork/Makefile.in +++ b/libcork/Makefile.in @@ -78,8 +78,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mbedtls.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/polarssl.m4 \ - $(top_srcdir)/m4/zlib.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/stack-protector.m4 $(top_srcdir)/m4/zlib.m4 \ + $(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d diff --git a/libev/Makefile.in b/libev/Makefile.in index eddb6b37..3e1535c4 100644 --- a/libev/Makefile.in +++ b/libev/Makefile.in @@ -62,8 +62,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mbedtls.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/polarssl.m4 \ - $(top_srcdir)/m4/zlib.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/stack-protector.m4 $(top_srcdir)/m4/zlib.m4 \ + $(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d diff --git a/libipset/Makefile.in b/libipset/Makefile.in index 29aeb3d4..bf8d7294 100644 --- a/libipset/Makefile.in +++ b/libipset/Makefile.in @@ -78,8 +78,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mbedtls.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/polarssl.m4 \ - $(top_srcdir)/m4/zlib.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/stack-protector.m4 $(top_srcdir)/m4/zlib.m4 \ + $(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d diff --git a/libudns/Makefile.in b/libudns/Makefile.in index 7753b318..7fd9bf43 100644 --- a/libudns/Makefile.in +++ b/libudns/Makefile.in @@ -78,8 +78,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mbedtls.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/polarssl.m4 \ - $(top_srcdir)/m4/zlib.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/stack-protector.m4 $(top_srcdir)/m4/zlib.m4 \ + $(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d diff --git a/m4/stack-protector.m4 b/m4/stack-protector.m4 new file mode 100644 index 00000000..33b3aae0 --- /dev/null +++ b/m4/stack-protector.m4 @@ -0,0 +1,58 @@ +# +# Copyright 2007 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# GGL_CHECK_STACK_PROTECTOR([ACTION-IF-OK], [ACTION-IF-NOT-OK]) +# Check if c compiler supports -fstack-protector and -fstack-protector-all +# options. + +AC_DEFUN([GGL_CHECK_STACK_PROTECTOR], [ +ggl_check_stack_protector_save_CXXFLAGS="$CXXFLAGS" +ggl_check_stack_protector_save_CFLAGS="$CFLAGS" + +AC_MSG_CHECKING([if -fstack-protector and -fstack-protector-all are supported.]) + +CXXFLAGS="$CXXFLAGS -fstack-protector" +CFLAGS="$CFLAGS -fstack-protector" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([ +int main() { + return 0; +} +])], +[ggl_check_stack_protector_ok=yes], +[ggl_check_stack_protector_ok=no]) + +CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS -fstack-protector-all" +CFLAGS="$ggl_check_stack_protector_save_CFLAGS -fstack-protector-all" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([ +int main() { + return 0; +} +])], +[ggl_check_stack_protector_all_ok=yes], +[ggl_check_stack_protector_all_ok=no]) + +if test "x$ggl_check_stack_protector_ok" = "xyes" -a \ + "x$ggl_check_stack_protector_all_ok" = "xyes"; then + AC_MSG_RESULT([yes]) + ifelse([$1], , :, [$1]) +else + AC_MSG_RESULT([no]) + ifelse([$2], , :, [$2]) +fi + +CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS" +CFLAGS="$ggl_check_stack_protector_save_CFLAGS" + +]) # GGL_CHECK_STACK_PROTECTOR diff --git a/src/Makefile.in b/src/Makefile.in index dfe6f217..1342c401 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -84,8 +84,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mbedtls.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/polarssl.m4 \ - $(top_srcdir)/m4/zlib.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/stack-protector.m4 $(top_srcdir)/m4/zlib.m4 \ + $(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d