From: Damien Miller <djm@mindrot.org>
Date: Tue, 19 Sep 2017 00:18:56 +0000 (+1000)
Subject: move FORTIFY_SOURCE into hardening options group
X-Git-Tag: V_7_6_P1~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=161af8f5ec0961b10cc032efb5cc1b44ced5a92e;p=thirdparty%2Fopenssh-portable.git

move FORTIFY_SOURCE into hardening options group

It's still on by default, but now it's possible to turn it off using
--without-hardening. This is useful since it's known to cause problems
with some -fsanitize options. ok dtucker@
---

diff --git a/configure.ac b/configure.ac
index 522f54b05..ebc2f33f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -163,8 +163,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
 	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
 	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
 	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
-	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
     if test "x$use_toolchain_hardening" = "x1"; then
+	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
 	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
 	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
 	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])