configure: hardening logic is backwards

Before this change, the argument parsing was busted.  The --help string only
compounded the incorrect behavior by suggesting that --disable-hardening
could take a yes/no argument.

                                      | before   | after
        ------------------------------+----------+--------
        <no option>                   | enable   | enable
        --enable-hardening            | disable  | enable
        --enable-hardening=yes        | disable  | enable
        --enable-hardening=no         | enable   | disable
        --disable-hardening           | enable   | disable
        --disable-hardening=yes       | error    | error
        --disable-hardening=no        | error    | error

diff --git a/configure.ac b/configure.ac
index ef00913320a5a4e2275785a8d8c3082cc18a2157..adf3d15ea8593e09f7f964ce6d6419b16636f49e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -17,12 +17,12 @@ ACLOCAL_AMFLAGS='-I $(top_srcdir)/m4'
 AC_SUBST(ACLOCAL_AMFLAGS)
 
 AC_ARG_ENABLE(hardening,
-AS_HELP_STRING([--disable-hardening=no], [Disable various hardenings (default: no)]),
-        disable_hardening=$enableval,
-        disable_hardening=no)
+AS_HELP_STRING([--enable-hardening=yes], [Enable various hardenings (default: yes)]),
+        enable_hardening=$enableval,
+        enable_hardening=yes)
 
-AC_MSG_CHECKING([Whether to disable hardening])
-AC_MSG_RESULT([$disable_hardening])
+AC_MSG_CHECKING([Whether to enable hardening])
+AC_MSG_RESULT([$enable_hardening])
 
 AC_ARG_ENABLE(devel-checks,
 AS_HELP_STRING([--enable-devel-checks], [Enable some extra expensive checks for developers]),

diff --git a/m4/cc_fortify.m4 b/m4/cc_fortify.m4
index e7c1b428fb7dd53cd9eebf18fedaaa300e5e1002..3137eece852bfba30734ce5f5350529b7c252186 100644 (file)
--- a/m4/cc_fortify.m4
+++ b/m4/cc_fortify.m4
@@ -4,7 +4,7 @@ dnl
 
 AC_DEFUN([AC_CC_D_FORTIFY_SOURCE],[
     AC_REQUIRE([gl_UNKNOWN_WARNINGS_ARE_ERRORS])
-    if test $disable_hardening = no; then
+    if test $enable_hardening = yes; then
       case "$host" in
         *)
           gl_COMPILER_OPTION_IF([-O2 -D_FORTIFY_SOURCE=2], [

diff --git a/m4/cc_pie.m4 b/m4/cc_pie.m4
index 46b99214e1543d5a31ed4665761daf00bdc69268..d0be5e7ab2e40321ddcdf686c4a4f65cd8071094 100644 (file)
--- a/m4/cc_pie.m4
+++ b/m4/cc_pie.m4
@@ -23,7 +23,7 @@ AC_DEFUN([AC_CC_PIE],[
     PIE_CFLAGS=
     PIE_LDFLAGS=
 
-    if test $disable_hardening = no; then
+    if test $enable_hardening = yes; then
       OLD_CFLAGS=$CFLAGS
       case "$host" in
         *-*-mingw* | *-*-msvc* | *-*-cygwin* )

diff --git a/m4/cc_stack_protector.m4 b/m4/cc_stack_protector.m4
index 93f06b055e5441b4ccba6811c57e725b40d58614..f619909c6d934984381b1776e318fecec33e9482 100644 (file)
--- a/m4/cc_stack_protector.m4
+++ b/m4/cc_stack_protector.m4
@@ -4,7 +4,7 @@ dnl
 
 AC_DEFUN([AC_CC_F_STACK_PROTECTOR],[
     AC_REQUIRE([gl_UNKNOWN_WARNINGS_ARE_ERRORS])
-    if test $disable_hardening = no; then
+    if test $enable_hardening = yes; then
       case "$host" in
         *)
           gl_COMPILER_OPTION_IF([-fstack-protector-strong], [

diff --git a/m4/ld_relro.m4 b/m4/ld_relro.m4
index 18938612c305316681de5cfdc1b3f83ac084ccd2..e3b5287df28a45996c3c35a79521057d0180e66c 100644 (file)
--- a/m4/ld_relro.m4
+++ b/m4/ld_relro.m4
@@ -20,7 +20,7 @@ dnl
 
 AC_DEFUN([AC_LD_RELRO],[
     RELRO_LDFLAGS=
-    if test $disable_hardening = no; then
+    if test $enable_hardening = yes; then
       AC_MSG_CHECKING([for how to force completely read-only GOT table])
       ld_help=`$CXX -Wl,-help 2>&1`
       case $ld_help in