From: codarrenvelvindron Date: Sat, 17 Feb 2018 19:28:48 +0000 (-0500) Subject: configure: Add spectre variant 2 mitigations X-Git-Tag: 2.3.9~2220 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=60b67403d7fe4d6f44f62d8ec8bb890345245024;p=thirdparty%2Fdovecot%2Fcore.git configure: Add spectre variant 2 mitigations --enable-hardening adds -mfunction-return=thunk and -mindirect-branch=thunk compiler options if supported. --- diff --git a/configure.ac b/configure.ac index 10543fa929..46ea4bcfd7 100644 --- a/configure.ac +++ b/configure.ac @@ -321,6 +321,7 @@ CC_CLANG AC_CC_PIE AC_CC_F_STACK_PROTECTOR AC_CC_D_FORTIFY_SOURCE +AC_CC_RETPOLINE AC_LD_RELRO AC_LD_WHOLE_ARCHIVE diff --git a/m4/cc_retpoline.m4 b/m4/cc_retpoline.m4 new file mode 100644 index 0000000000..26f567c3a1 --- /dev/null +++ b/m4/cc_retpoline.m4 @@ -0,0 +1,18 @@ +dnl +dnl Check for support for Retpoline +dnl + +AC_DEFUN([AC_CC_RETPOLINE],[ + AC_REQUIRE([gl_UNKNOWN_WARNINGS_ARE_ERRORS]) + if test $enable_hardening = yes; then + case "$host" in + *) + gl_COMPILER_OPTION_IF([-mfunction-return=thunk -mindirect-branch=thunk], [ + CFLAGS="$CFLAGS -mfunction-return=thunk -mindirect-branch=thunk" + ], + [], + [AC_LANG_PROGRAM()] + ) + esac + fi +])