-rw-r--r-- | changes/bug2031 | 5 | ||||
-rw-r--r-- | configure.in | 7 |
2 files changed, 8 insertions, 4 deletions
diff --git a/changes/bug2031 b/changes/bug2031
new file mode 100644
index 000000000..59afc022e
--- /dev/null
+++ b/changes/bug2031
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Enable protection of small arrays whenever we build with gcc hardening
+ features, not only when also building with warnings enabled. Fixes bug
+ 2031; bugfix on 0.2.2.14-alpha. Reported by keb.
+
diff --git a/configure.in b/configure.in
index 5ddaf3f90..c3b02be9c 100644
--- a/configure.in
+++ b/configure.in
@@ -116,8 +116,8 @@ AC_ARG_ENABLE(gcc-hardening,
 AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
 [if test x$enableval = xyes; then
 CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
- CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security"
- CFLAGS="$CFLAGS -Wpointer-sign"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
 LDFLAGS="$LDFLAGS -pie"
 fi])
@@ -1011,9 +1011,8 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
 if test x$have_gcc42 = xyes ; then
 # These warnings break gcc 4.0.2 and work on gcc 4.2
- # XXXX020 Use -fstack-protector.
 # XXXX020 See if any of these work with earlier versions.
- CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1 --param ssp-buffer-size=1"
+ CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1"
 # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3.
 fi
|
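Review bot: The added `CFLAGS="$CFLAGS --param ssp-buffer-size=1"` line in the `--enable-gcc-hardening` block is appended with no compiler check, whereas the copy removed in the last hunk sat under `if test x$have_gcc42 = xyes`. If a compiler accepts `-fstack-protector-all` but rejects the `--param`, every later configure compile test would presumably fail with a misleading error. Consider probing the flag with a test compile before appending it, and adding a comment such as `# ssp-buffer-size=1: treat even 1-byte arrays as buffers that need a canary`. The same hunk also drops `-Wformat -Wformat-security -Wpointer-sign` from the hardening flags, which changes/bug2031 does not mention. Unless the warnings section outside this hunk enables them, a hardening-only build no longer reports format-string problems.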