From 92a8b1662f3542fe761a0e3f8050f296935727d7 Mon Sep 17 00:00:00 2001 
From: "Russ Combs (rucombs)" Date: Tue, 14 Jun 2016 18:52:21 -0400 Subject: [PATCH] Merge pull request #515 in SNORT/snort3 from ~MIALTIZE/snort3:hardening to master Squashed commit of the following: commit 663bad556621beaea3b22d1880cb3fb7466455f0 Author: Michael Altizer Date: Tue Jun 14 16:20:03 2016 -0400 autotools: Make sure to check headers when searching for OpenSSL crypto support commit da44da7dcb6872062443484a4a65254a033901fb Author: Michael Altizer Date: Tue Jun 14 14:37:17 2016 -0400 cmake: Remove unused COMPILE_DEFINITIONS definition during generation. commit a4da96fc1b6a9a0154bcd7490688f057f81cd158 Author: Michael Altizer Date: Mon Jun 13 19:16:42 2016 -0400 build: Remove PCRE version check - 6.0 was released over 11 years ago commit 650e05b79e31c66297742dddf3dbf53d4b35d5fa Author: Michael Altizer Date: Mon Jun 13 19:08:37 2016 -0400 build: Remove useless references to PF_RING libpcap commit 015daa118d6017d6fef952d4604f50f3c049995a Author: Michael Altizer Date: Mon Jun 13 15:22:39 2016 -0400 cmake: Clean up OpenSSL libcrypto detection and usage commit 4e5968d7de913d0dc83ad4cad80dd26d4c60d515 Author: Michael Altizer Date: Mon Jun 13 14:53:48 2016 -0400 cmake: Clean up libpcre detection and fix hints commit eb9acf119295d91d55b43976710ecf79d397d7a3 Author: Michael Altizer Date: Mon Jun 13 14:34:59 2016 -0400 cmake: Clean up libdnet/libdumbnet detection and fix hints commit 2e31690d17925123050f1fb05f4be1f12a197ab0 Author: Michael Altizer Date: Mon Jun 13 14:18:35 2016 -0400 cmake: Clean up LuaJIT detection and let it use pkg-config commit b2700b472758617d3444a4fa35b45d5e4eb85ce3 Author: Michael Altizer Date: Mon Jun 13 13:31:00 2016 -0400 cmake: Add compile-time hardening support and clean up inconsistencies commit 5192bea466e15ac7c0e127d1af9ff89a6047a775 Author: Michael Altizer Date: Mon Jun 13 13:30:41 2016 -0400 autotools: Add compile-time hardening support --- cmake/FindDNET.cmake | 57 ++----- cmake/FindLuaJIT.cmake | 59 ++----- cmake/FindPCAP.cmake | 9 
+- cmake/FindPCRE.cmake | 45 +---- cmake/Pcre/check_pcre_version.cpp | 12 -- cmake/configure_options.cmake | 56 ++++++ cmake/create_options.cmake | 5 +- cmake/sanity_checks.cmake | 6 +- configure.ac | 100 +++++++---- configure_cmake.sh | 273 +++++++++++++++--------------- m4/ax_check_compile_flag.m4 | 74 ++++++++ m4/ax_check_link_flag.m4 | 74 ++++++++ m4/ax_check_preproc_flag.m4 | 74 ++++++++ src/CMakeLists.txt | 8 +- src/catch/CMakeLists.txt | 29 +--- 15 files changed, 527 insertions(+), 354 deletions(-) delete mode 100644 cmake/Pcre/check_pcre_version.cpp create mode 100644 m4/ax_check_compile_flag.m4 create mode 100644 m4/ax_check_link_flag.m4 create mode 100644 m4/ax_check_preproc_flag.m4 diff --git a/cmake/FindDNET.cmake b/cmake/FindDNET.cmake index 4f9a78748..18b4c7119 100644 --- a/cmake/FindDNET.cmake +++ b/cmake/FindDNET.cmake 
@@ -11,61 +11,32 @@ # DNET_FOUND - True if dnet found. # HAVE_DUMBNET_H - True if found dumnet rather than dnet - - set(ERROR_MESSAGE " ERROR! dnet header not found, go get it from http://code.google.com/p/libdnet/ or use the --with-dnet-* - options, if you have it installed in an unusual place. You can also - set the DNET_DIR shell variable to dnets root installation directory" + options, if you have it installed in an unusual place. + " ) - # Check for libdumbnet first, then libdnet -unset (DNET_INCLUDE_DIR CACHE) -find_path(DNET_INCLUDE_DIR - NAMES dumbnet.h - HINTS ENV DNETDIR -) +find_path(DNET_INCLUDE_DIR dumbnet.h + HINTS ${DNET_INCLUDE_DIR_HINT}) -# If we found libdument header, define HAVE_DUMBNET_H for config.h generation. +# If we found libdument header, define HAVE_DUMBNET_H for config.h generation +# and search for libdumnet. if (DNET_INCLUDE_DIR) - set(HAVE_DUMBNET_H "YES") + set(HAVE_DUMBNET_H "1") + find_library(DNET_LIBRARIES NAMES dumbnet + HINTS ${DNET_LIBRARIES_DIR_HINT}) +else () + find_path(DNET_INCLUDE_DIR dnet.h + HINTS ${DNET_INCLUDE_DIR_HINT}) + find_library(DNET_LIBRARIES NAMES dnet + HINTS ${DNET_LIBRARIES_DIR_HINT}) endif() - -# Search for library twice. The first time using the custom path, second time -# using standard paths -find_library(DNET_LIBRARIES - NAMES dumbnet - HINTS ${DNET_LIBRARIES_DIR} # user specified option in ./configure_cmake.sh - NO_DEFAULT_PATH - NO_CMAKE_ENVIRONMENT_PATH -) -find_library(DNET_LIBRARIES - NAMES dumbnet -) - - -find_path(DNET_INCLUDE_DIR - NAMES dnet.h - HINTS ENV DNETDIR -) - -find_library(DNET_LIBRARIES - NAMES dnet - HINTS ${DNET_LIBRARIES_DIR} - NO_DEFAULT_PATH - NO_CMAKE_ENVIRONMENT_PATH -) -find_library(DNET_LIBRARIES - NAMES dnet -) - - - include(FindPackageHandleStandardArgs) find_package_handle_standard_args(DNET REQUIRED_VARS DNET_INCLUDE_DIR DNET_LIBRARIES diff --git a/cmake/FindLuaJIT.cmake b/cmake/FindLuaJIT.cmake index f76a203b0..1ad212836 100644 --- a/cmake/FindLuaJIT.cmake 
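Review bot: In cmake/FindDNET.cmake, with `unset (DNET_INCLUDE_DIR CACHE)` removed, `if (DNET_INCLUDE_DIR)` no longer proves that dumbnet.h was found. `DNET_INCLUDE_DIR` is a cache entry shared by the dumbnet.h and dnet.h probes, and `find_path` does not search again once the entry holds a path. On a re-configure after the `dnet.h` fallback succeeded, the first probe is therefore skipped and `HAVE_DUMBNET_H` is set to 1 on a host that only has libdnet. Testing for the header itself avoids this: `if (DNET_INCLUDE_DIR AND EXISTS "${DNET_INCLUDE_DIR}/dumbnet.h")`.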
+++ b/cmake/FindLuaJIT.cmake 
@@ -4,61 +4,28 @@ # LUAJIT_FOUND, if false, do not try to link to Lua # LUAJIT_LIBRARIES # LUAJIT_INCLUDE_DIR, where to find lua.h -# LUAJIT_VERSION_STRING, the version of Lua found (since CMake 2.8.8) - -## Copied from default CMake FindLua51.cmake -set( LUA_PATHS - ~/Library/Frameworks - /Library/Frameworks - /sw - /opt/local - /opt/csw - /opt -) +# LUAJIT_VERSION_STRING, the version of LuaJIT found set(ERROR_MESSAGE "\n\tCan't Find luajit! Get it from http://luajit.org/download.html or use the --with-luajit-* - options if you have it installed inn an unusual place. You can - also set the LUA_DIR environment variablet to the daqs root installation directory\n" + options if you have it installed inn an unusual place.\n" ) +find_package(PkgConfig) +pkg_check_modules(PC_LUAJIT luajit) -find_path(LUAJIT_INCLUDE_DIR - NAMES luajit.h - HINTS ENV LUA_DIR - PATH_SUFFIXES include include/luajit-2.0 - PATHS ${LUA_PATHS} -) - -find_library(LUAJIT_LIBRARIES - NAMES luajit-5.1 - HINTS ${LUAJIT_LIBRARIES_DIR} - DOC "Lua Libraries" - NO_DEFAULT_PATH - NO_CMAKE_ENVIRONMENT_PATH -) -find_library(LUAJIT_LIBRARIES - NAMES luajit-5.1 - HINTS ENV LUA_DIR - PATH_SUFFIXES luajit-5.1 - PATHS ${LUA_PATHS} - DOC "Lua Libraries" -) +# Use LUAJIT_INCLUDE_DIR_HINT and LUAJIT_LIBRARY_DIR_HINT from configure_cmake.sh as primary hints +# and then package config information after that. 
+find_path(LUAJIT_INCLUDE_DIR luajit.h + HINTS ${LUAJIT_INCLUDE_DIR_HINT} ${PC_LUAJIT_INCLUDEDIR} ${PC_LUAJIT_INCLUDE_DIRS}) +find_library(LUAJIT_LIBRARIES NAMES luajit-5.1 + HINTS ${LUAJIT_LIBRARIES_DIR_HINT} ${PC_LUAJIT_LIBDIR} ${PC_LUAJIT_LIBRARY_DIRS}) if (APPLE) set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${LUAJIT_LIBRARIES} -pagezero_size 10000 -image_base 100000000") endif() -if(LUAJIT_LIBRARIES) - # include the math library for Unix - if(UNIX AND NOT APPLE) - find_library(MATH_LIBRARY m) - list(APPEND LUAJIT_LIBRARIES "${MATH_LIBRARY}") - endif() -endif() - - if(LUAJIT_INCLUDE_DIR AND EXISTS "${LUAJIT_INCLUDE_DIR}/luajit.h") file(STRINGS "${LUAJIT_INCLUDE_DIR}/luajit.h" luajit_version_str REGEX "^#define[ \t]+LUAJIT_VERSION[ \t]+\"LuaJIT .+\"") @@ -75,9 +42,5 @@ find_package_handle_standard_args(LuaJIT FAIL_MESSAGE "${ERROR_MESSAGE}" ) -mark_as_advanced( - LUAJIT_INCLUDE_DIR - LUAJIT_LIBRARIES - MATH_LIBRARY -) +mark_as_advanced(LUAJIT_INCLUDE_DIR LUAJIT_LIBRARIES) diff --git a/cmake/FindPCAP.cmake b/cmake/FindPCAP.cmake index 5ea44ffc4..86faccfce 100644 --- a/cmake/FindPCAP.cmake +++ b/cmake/FindPCAP.cmake @@ -9,9 +9,7 @@ # # PCAP_FOUND System has libpcap, include and library dirs found # PCAP_INCLUDE_DIR The libpcap include directories. -# PCAP_LIBRARIES The libpcap library (possibly includes a thread -# library e.g. required by pf_ring's libpcap) -# HAVE_LIBPFRING If a found version of libpcap supports PF_RING +# PCAP_LIBRARIES The libpcap library set(ERROR_MESSAGE @@ -74,11 +72,6 @@ if (NOT PCAP_LINKS_SOLO) endif () endif () -include(CheckFunctionExists) -set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARIES}) -check_function_exists(pcap_get_pfring_id HAVE_LIBPFRING) -set(CMAKE_REQUIRED_LIBRARIES) - mark_as_advanced( PCAP_INCLUDE_DIR PCAP_LIBRARIES diff --git a/cmake/FindPCRE.cmake b/cmake/FindPCRE.cmake index 199e9131e..742f58baa 100644 --- a/cmake/FindPCRE.cmake +++ b/cmake/FindPCRE.cmake 
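Review bot: In the first hunk of cmake/FindLuaJIT.cmake, the removed `if(LUAJIT_LIBRARIES)` block was the only place in this file that appended libm to `LUAJIT_LIBRARIES`. The new `find_library` call takes only directory hints from pkg-config and none of its link flags. If libluajit resolves to a static archive, the link may now miss `-lm` and anything else pkg-config lists; this is inferred, because the consumers of `LUAJIT_LIBRARIES` are outside the hunk. Either append `${PC_LUAJIT_STATIC_LDFLAGS}` in that case, or state the assumption above `find_library` with `# assumes a shared libluajit; a static archive also needs the pkg-config link flags`.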
@@ -10,22 +10,15 @@ set(ERROR_MESSAGE \tGet it from http://www.pcre.org\n" ) -find_path(PCRE_INCLUDE_DIR - NAMES pcre.h -) - - -find_library(PCRE_LIBRARIES - NAMES pcre - HINTS ${PCRE_LIBRARIES_DIR} # from ./configure_cmake.sh script - NO_DEFAULT_PATH - NO_CMAKE_ENVIRONMENT_PATH -) - -find_library(PCRE_LIBRARIES - NAMES pcre -) +find_package(PkgConfig) +pkg_check_modules(PC_PCRE libpcre) +# Use PCRE_INCLUDE_DIR_HINT and PCRE_LIBRARIES_DIR_HINT from configure_cmake.sh as primary hints +# and then package config information after that. +find_path(PCRE_INCLUDE_DIR pcre.h + HINTS ${PCRE_INCLUDE_DIR_HINT} ${PC_PCRE_INCLUDEDIR} ${PC_PCRE_INCLUDE_DIRS}) +find_library(PCRE_LIBRARIES NAMES pcre + HINTS ${PCRE_LIBRARIES_DIR_HINT} ${PC_PCRE_LIBDIR} ${PC_PCRE_LIBRARY_DIRS}) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(PCRE @@ -33,28 +26,6 @@ find_package_handle_standard_args(PCRE FAIL_MESSAGE "${ERROR_MESSAGE}" ) -set(bindir "${CMAKE_CURRENT_BINARY_DIR}/pcre_version") -set(srcfile "${CMAKE_CURRENT_LIST_DIR}/Pcre/check_pcre_version.cpp") - -try_compile(VALID_PCRE_VERSION "${bindir}" "${srcfile}" - CMAKE_FLAGS - "-DLINK_LIBRARIES:STRING=${PCRE_LIBRARIES}" - "-DINCLUDE_DIRECTORIES:STRING=${PCRE_INCLUDE_DIR}" -) - - -if(NOT VALID_PCRE_VERSION) - # unset these variables to ensure we search for PCRE again - unset(PCRE_FOUND CACHE) - unset(PCRE_INCLUDE_DIR CACHE) - unset(PCRE_LIBRARIES CACHE) - message(SEND_ERROR - "\nERROR! Libpcre library version >= 6.0 not found." - " Get it from http://www.pcre.org\n\n" - ) -endif() - - mark_as_advanced( PCRE_LIBRARIES PCRE_INCLUDE_DIR diff --git a/cmake/Pcre/check_pcre_version.cpp b/cmake/Pcre/check_pcre_version.cpp deleted file mode 100644 index fe17fec3b..000000000 --- a/cmake/Pcre/check_pcre_version.cpp +++ /dev/null 
@@ -1,12 +0,0 @@ -#include - -#if (PCRE_MAJOR < 6) -#error "Version failure." -#else -int main(void) -{ - int a, b = 0, c = 0, d = 0; - pcre *tmp = NULL; - a = pcre_copy_named_substring(tmp, "", &b, c, "", "", d); -} -#endif diff --git a/cmake/configure_options.cmake b/cmake/configure_options.cmake index 762a8b59c..206bfc74d 100644 --- a/cmake/configure_options.cmake +++ b/cmake/configure_options.cmake 
@@ -34,6 +34,62 @@ if ( NOT (W3M_FOUND AND ASCIIDOC_FOUND) ) set ( MAKE_TEXT_DOC OFF CACHE BOOL ${MAKE_TEXT_DOC_HELP_STRING} FORCE ) endif() +# security + +if ( ENABLE_HARDENED_BUILD ) + + check_cxx_compiler_flag ( "-Wdate-time" HAS_WDATE_TIME_CPPFLAG ) + if ( HAS_WDATE_TIME_CPPFLAG ) + set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wdate-time" ) + endif () + + check_cxx_compiler_flag ( "-D_FORTIFY_SOURCE=2" HAS_FORTIFY_SOURCE_2_CPPFLAG ) + if ( HAS_FORTIFY_SOURCE_2_CPPFLAG ) + set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D_FORTIFY_SOURCE=2" ) + endif () + + check_cxx_compiler_flag ( "-fstack-protector-strong" HAS_FSTACK_PROTECTOR_STRONG_CXXFLAG ) + if ( HAS_FSTACK_PROTECTOR_STRONG_CXXFLAG ) + set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong" ) + endif () + + check_cxx_compiler_flag ( "-Wformat" HAS_WFORMAT_CXXFLAG ) + if ( HAS_WFORMAT_CXXFLAG ) + set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wformat" ) + endif () + + check_cxx_compiler_flag ( "-Werror=format-security" HAS_WERROR_FORMAT_SECURITY_CXXFLAG ) + if ( HAS_WERROR_FORMAT_SECURITY_CXXFLAG ) + set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror=format-security" ) + endif () + + set ( CMAKE_REQUIRED_FLAGS "-Wl,-z,relro" ) + check_cxx_compiler_flag ( "" HAS_ZRELRO_LDFLAG ) + if ( HAS_ZRELRO_LDFLAG ) + set ( CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro" ) + set ( CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,relro" ) + endif () + unset ( CMAKE_REQUIRED_FLAGS ) + + set ( CMAKE_REQUIRED_FLAGS "-Wl,-z,now" ) + check_cxx_compiler_flag ( "-Wl,-z,now" HAS_ZNOW_LDFLAG ) + if ( HAS_ZNOW_LDFLAG ) + set ( CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,now" ) + set ( CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,now" ) + endif () + unset ( CMAKE_REQUIRED_FLAGS ) + +endif ( ENABLE_HARDENED_BUILD ) + +if ( ENABLE_PIE ) + check_cxx_compiler_flag ( "-fPIE -pie" HAS_PIE_SUPPORT ) + if ( HAS_PIE_SUPPORT ) + set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE" ) + 
set ( CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie" ) + set ( CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -fPIE -pie" ) + endif () +endif ( ENABLE_PIE ) + # debugging set ( DEBUG_MSGS ${ENABLE_DEBUG_MSGS} ) diff --git a/cmake/create_options.cmake b/cmake/create_options.cmake index a90e95a77..d689edccd 100644 --- a/cmake/create_options.cmake +++ b/cmake/create_options.cmake @@ -19,7 +19,6 @@ option ( ENABLE_SHELL "enable shell support" OFF ) option ( ENABLE_UNIT_TESTS "enable unit tests" OFF ) option ( ENABLE_PIGLET "enable piglet test harness" OFF ) -option ( ENABLE_PTHREAD "enable pthread support" ON ) option ( ENABLE_COREFILES "Prevent Snort from generating core files" ON ) option ( ENABLE_INTEL_SOFT_CPM "Enable Intel Soft CPM support" OFF ) option ( ENABLE_LARGE_PCAP "Enable support for pcaps larger than 2 GB" OFF ) @@ -29,6 +28,10 @@ option ( MAKE_HTML_DOC "Create the HTML documentation" ON ) option ( MAKE_PDF_DOC "Create the PDF documentation" ON ) option ( MAKE_TEXT_DOC "Create the text documentation" ON ) +# security +option ( ENABLE_HARDENED_BUILD "Detect and use compile-time hardening options" OFF ) +option ( ENABLE_PIE "Attempt to produce a position-independent executable" OFF ) + # debugging option ( ENABLE_DEBUG_MSGS "Enable debug printing options (bugreports and developers only)" OFF ) option ( ENABLE_DEBUG "Enable debugging options (bugreports and developers only)" OFF ) diff --git a/cmake/sanity_checks.cmake b/cmake/sanity_checks.cmake index 89ac529a3..ae5a594c8 100644 --- a/cmake/sanity_checks.cmake +++ b/cmake/sanity_checks.cmake @@ -176,8 +176,7 @@ endif() # set library variables - -if (DEFINED OPENSSL_CRYPTO_LIBRARIES) +if (OPENSSL_FOUND AND DEFINED OPENSSL_CRYPTO_LIBRARIES) check_library_exists (${OPENSSL_CRYPTO_LIBRARIES} SHA256_Init "" HAVE_OPENSSL_SHA) check_library_exists (${OPENSSL_CRYPTO_LIBRARIES} MD5_Init "" HAVE_OPENSSL_MD5) endif() 
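Review bot: In the `ENABLE_PIE` block of cmake/configure_options.cmake, `-fPIE -pie` is also appended to `CMAKE_MODULE_LINKER_FLAGS`, but `-pie` is an executable link mode and module targets are linked as shared objects. There the option is at best ignored, so that line should be dropped and PIE kept to `CMAKE_EXE_LINKER_FLAGS`. In the `ENABLE_HARDENED_BUILD` block the flags go only onto `CMAKE_CXX_FLAGS` and the EXE and MODULE linker flags. Any C sources or SHARED library targets in the tree would build without them, so consider mirroring them into `CMAKE_C_FLAGS` and `CMAKE_SHARED_LINKER_FLAGS`. `-D_FORTIFY_SOURCE=2` only takes effect when optimization is on, so a passing flag check does not mean a debug or `-O0` build is fortified; a comment such as `# _FORTIFY_SOURCE has no effect without -O1 or higher` next to it would make that visible.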
@@ -190,7 +189,4 @@ if (DEFINED LIBLZMA_LIBRARIES) check_library_exists (${LIBLZMA_LIBRARIES} lzma_code "" HAVE_LZMA) endif() -# FIXIT-L J is this necessary? -set ( HAVE___FUNCTION__ HAS_CXX11_FUNC ) check_library_exists (pcap pcap_lib_version "${PCAP_LIBRARIES}" HAVE_PCAP_LIB_VERSION) -check_library_exists (pcap pcap_lex_destroy "${PCAP_LIBRARIES}" HAVE_PCAP_LEX_DESTROY) diff --git a/configure.ac b/configure.ac index 273766a29..5909034af 100644 --- a/configure.ac +++ b/configure.ac 
@@ -223,6 +223,51 @@ CXX_THREAD_LOCAL() # fi #fi +#-------------------------------------------------------------------------- +# compile-time security features +#-------------------------------------------------------------------------- + +# Based on Debian's hardening options (https://wiki.debian.org/Hardening) +# Desired options: +# CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2 +# CFLAGS/CXXFLAGS: -fPIE -fstack-protector-strong -Wformat -Werror=format-security +# LDFLAGS: -fPIE -pie -Wl,-z,relro -Wl,-z,now + +AC_ARG_ENABLE(hardened_build, + AS_HELP_STRING([--enable-hardened-build], [Detect and use compile-time hardening options])) + +if test "x$enable_hardened_build" = "xyes"; then + + AX_CHECK_PREPROC_FLAG([-Wdate-time], [HARD_CPPFLAGS="$HARD_CPPFLAGS -Wdate-time"]) + + AX_CHECK_PREPROC_FLAG([-D_FORTIFY_SOURCE=2], [HARD_CPPFLAGS="$HARD_CPPFLAGS -D_FORTIFY_SOURCE=2"]) + + AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [HARD_CFLAGS="$HARD_CFLAGS -fstack-protector-strong"]) + + AX_CHECK_COMPILE_FLAG([-Wformat], [HARD_CFLAGS="$HARD_CFLAGS -Wformat"]) + + AX_CHECK_COMPILE_FLAG([-Werror=format-security], [HARD_CFLAGS="$HARD_CFLAGS -Werror=format-security"]) + + AX_CHECK_LINK_FLAG([-Wl,-z,relro], [HARD_LDFLAGS="$HARD_LDFLAGS -Wl,-z,relro"]) + + AX_CHECK_LINK_FLAG([-Wl,-z,now], [HARD_LDFLAGS="$HARD_LDFLAGS -Wl,-z,now"]) + +fi + +# PIE support gets its own switch since it requires any static libraries Snort wants to link in to +# be built with PIC, which may or may not be feasible for the user. 
+ +AC_ARG_ENABLE(pie, + AS_HELP_STRING([--enable-pie], [Attempt to produce a position-independent executable])) + +if test "x$enable_pie" = "xyes"; then + + AX_CHECK_COMPILE_FLAG([-fPIE], [HARD_CFLAGS="$HARD_CFLAGS -fPIE"]) + + AX_CHECK_LINK_FLAG([-fPIE -pie], [HARD_LDFLAGS="$HARD_LDFLAGS -fPIE -pie"]) + +fi + #-------------------------------------------------------------------------- # typedefs, structures, and compiler characteristics #-------------------------------------------------------------------------- @@ -546,11 +591,10 @@ if test "x$with_libpcap_libraries" != "xno"; then fi LPCAP="" +AC_CHECK_HEADERS([pcap.h],, LPCAP="no") AC_CHECK_LIB(pcap, pcap_datalink,, LPCAP="no") -# If both the AC_CHECK_LIB for normal pcap and pfring-enabled pcap fail then exit. if test "x$LPCAP" = "xno"; then - if test "x$LPFRING_PCAP" = "xno"; then echo echo " ERROR: Libpcap library/headers (libpcap.a (or .so)/pcap.h)" echo " not found, go get it from http://www.tcpdump.org" @@ -558,7 +602,6 @@ if test "x$LPCAP" = "xno"; then echo " in unusual place. Also check if your libpcap depends on another" echo " shared library that may be installed in an unusual place" exit 1 - fi fi AC_MSG_CHECKING([for pcap_lib_version]) @@ -702,7 +745,6 @@ fi # Verify that we have the library PCRE_L="" -pcre_version_six="" AC_CHECK_LIB(pcre, pcre_compile, ,PCRE_L="no") if test "x$PCRE_L" = "xno"; then echo 
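Review bot: The flag probes in the new hardened-build block of configure.ac can report success for a flag the compiler merely warns about. AX_CHECK_COMPILE_FLAG ignores warnings, as the header of the macro file added in this patch states, and clang, for example, only warns on an unknown `-W` option. Passing `-Werror` as the EXTRA-FLAGS argument makes the probe meaningful: `AX_CHECK_PREPROC_FLAG([-Wdate-time], [HARD_CPPFLAGS="$HARD_CPPFLAGS -Wdate-time"], [], [-Werror])`, and likewise for the compile and link checks. Separately, the later hunk that sets `AM_CXXFLAGS` reuses `HARD_CFLAGS`, so a flag probed with one compiler is assumed to work with the other. Which language is active during the probes depends on `AC_LANG`, which is set outside this hunk.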
@@ -710,28 +752,6 @@ if test "x$PCRE_L" = "xno"; then echo " Get it from http://www.pcre.org" echo exit 1 -else - AC_MSG_CHECKING(for libpcre version 6.0 or greater) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ - #if (PCRE_MAJOR < 6) - #error "Version failure" - #else - int a, b = 0, c = 0, d = 0; - pcre *tmp = NULL; - a = pcre_copy_named_substring(tmp, "", &b, c, "", "", d); - #endif - ]])],[pcre_version_six="yes"],[pcre_version_six="no"]) -fi - -if test "x$pcre_version_six" != "xyes"; then - AC_MSG_RESULT(no) - echo - echo " ERROR: Libpcre library version >= 6.0 not found." - echo " Get it from http://www.pcre.org" - echo - exit 1 -else - AC_MSG_RESULT(yes) fi #-------------------------------------------------------------------------- @@ -802,7 +822,7 @@ if test "x$with_daq_libraries" != "xno"; then fi AC_ARG_ENABLE(static_daq, - AS_HELP_STRING([--disable-static-daq],[link static DAQ modules.]), + AS_HELP_STRING([--disable-static-daq],[link static DAQ modules]), enable_static_daq="$enableval", enable_static_daq="yes") if test "$DLLIB" != "no"; then 
@@ -938,13 +958,21 @@ if test "x$with_openssl_libraries" != "xno"; then LDFLAGS="${LDFLAGS} -L${with_openssl_libraries}" fi -AC_CHECK_LIB([crypto],[SHA256_Init],AC_DEFINE([HAVE_OPENSSL_SHA],[1],openssl SHA available),) -AC_CHECK_LIB([crypto],[MD5_Init],AC_DEFINE([HAVE_OPENSSL_MD5],[1],openssl MD5 available),) +AC_CHECK_HEADERS([openssl/md5.h], + AC_CHECK_LIB([crypto],[MD5_Init], + AC_DEFINE([HAVE_OPENSSL_MD5],[1],openssl MD5 available) + BUILD_SSL_MD5="yes", + )) +AM_CONDITIONAL([BUILD_SSL_MD5], test "x$BUILD_SSL_MD5" != "xyes" ) -AM_CONDITIONAL([BUILD_SSL_MD5], test "x$ac_cv_lib_crypto_MD5_Init" != "xyes" ) -AM_CONDITIONAL([BUILD_SSL_SHA], test "x$ac_cv_lib_crypto_SHA256_Init" != "xyes" ) +AC_CHECK_HEADERS([openssl/sha.h], + AC_CHECK_LIB([crypto],[SHA256_Init], + AC_DEFINE([HAVE_OPENSSL_SHA],[1],openssl SHA available) + BUILD_SSL_SHA="yes", + )) +AM_CONDITIONAL([BUILD_SSL_SHA], test "x$BUILD_SSL_SHA" != "xyes" ) -if test "x$ac_cv_lib_crypto_MD5_Init" = "xyes"; then +if test "x$BUILD_SSL_MD5" = "xyes" || test "x$BUILD_SSL_SHA" = "xyes" ; then LIBS="${LIBS} -lcrypto" fi @@ -1043,10 +1071,10 @@ fi # Global defaults for AM_* flags. Can be overridden on a per-Makefile.am basis. AM_CPPFLAGS='-I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/src -I$(top_srcdir)/src/network_inspectors' -AM_CPPFLAGS="${AM_CPPFLAGS} ${CODE_COVERAGE_CPPFLAGS}" -AM_CFLAGS="${CODE_COVERAGE_CFLAGS}" -AM_CXXFLAGS="${CODE_COVERAGE_CXXFLAGS}" -AM_LDFLAGS="${CODE_COVERAGE_LDFLAGS}" +AM_CPPFLAGS="${AM_CPPFLAGS} ${CODE_COVERAGE_CPPFLAGS} ${HARD_CPPFLAGS}" +AM_CFLAGS="${CODE_COVERAGE_CFLAGS} ${HARD_CFLAGS}" +AM_CXXFLAGS="${CODE_COVERAGE_CXXFLAGS} ${HARD_CFLAGS}" +AM_LDFLAGS="${CODE_COVERAGE_LDFLAGS} ${HARD_LDFLAGS}" # Special AM_CPPFLAGS for snort2lua. snort2lua_CPPFLAGS='-I$(top_builddir) -I$(top_srcdir)/tools/snort2lua' diff --git a/configure_cmake.sh b/configure_cmake.sh index e66ca295a..6f7bc60ff 100755 --- a/configure_cmake.sh +++ b/configure_cmake.sh 
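Review bot: In the OpenSSL hunk of configure.ac, the shell variables `BUILD_SSL_MD5` and `BUILD_SSL_SHA` are set to `yes` when OpenSSL provides the digest. That is the opposite sense of the Automake conditionals of the same name, which are true when the value is not `yes`. Neither variable is cleared before the probe, so a value inherited from the environment would flip the conditional without `HAVE_OPENSSL_MD5` or `HAVE_OPENSSL_SHA` being defined. A separately named, initialised variable keeps the two apart: `have_openssl_md5=no` before the check, `have_openssl_md5=yes` in the action, and `AM_CONDITIONAL([BUILD_SSL_MD5], [test "x$have_openssl_md5" != "xyes"])`, and likewise for SHA. The nested `AC_CHECK_LIB` and `AC_DEFINE` arguments are also passed unquoted; wrapping them in `[...]` is the usual Autoconf form.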
@@ -23,50 +23,64 @@ Usage: $0 [OPTION]... [VAR=VALUE]... Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --disable-static-ips-actions do not include ips actions in binary - --disable-static-inspectors do not include inspectors in binary - --disable-static-loggers do not include loggers in binary - --disable-static-ips-options do not include ips options in binary - --disable-static-search-engines do not include search engines in binary - --disable-static-codecs do not include codecs in binary - --enable-valgrind Only use if you are testing with valgrind. - --enable-shell enable command line shell support - --enable-linux-smp-stats Enable statistics reporting through proc - --enable-debug-msgs Enable debug printing options (bugreports and developers only) - --enable-large-pcap Enable support for pcaps larger than 2 GB - --enable-address-sanitizer Enable address sanitizer support - --enable-code-coverage Whether to enable code coverage support - --enable-debug Enable debugging options (bugreports and developers only) - --enable-gdb Enable gdb debugging information - --enable-gprof-profile Enable gprof profiling options (developers only) - --disable-corefiles Prevent Snort from generating core files - --enable-unit-tests Build unit tests - --enable-piglet Build piglet test capability - --disable-static-daq Link static DAQ modules. 
+ --enable-code-coverage Whether to enable code coverage support + --enable-hardened-build Detect and use compile-time hardening options + --enable-pie Attempt to produce a position-independent executable + --disable-static-ips-actions + do not include ips actions in binary + --disable-static-inspectors + do not include inspectors in binary + --disable-static-loggers + do not include loggers in binary + --disable-static-ips-options + do not include ips options in binary + --disable-static-search-engines + do not include search engines in binary + --disable-static-codecs do not include codecs in binary + --enable-shell enable command line shell support + --enable-large-pcap enable support for pcaps larger than 2 GB + --enable-debug-msgs enable debug printing options (bugreports and + developers only) + --enable-debug enable debugging options (bugreports and developers + only) + --enable-gdb enable gdb debugging information + --enable-gprof-profile enable gprof profiling options (developers only) + --disable-corefiles prevent Snort from generating core files + --enable-address-sanitizer + enable address sanitizer support + --enable-unit-tests build unit tests + --enable-piglet build piglet test harness + --disable-static-daq link static DAQ modules + --disable-html-docs don't create the HTML documentation + --disable-pdf-docs don't create the PDF documentation Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use - both] - --with-gnu-ld assume the C compiler uses GNU ld [default=no] - --with-sysroot=DIR Search for dependent libraries within DIR - (or the compiler's sysroot if not specified). 
- --with-pcap-includes=DIR libpcap include directory - --with-pcap-libraries=DIR libpcap library directory - --with-luajit-includes=DIR luajit include directory - --with-luajit-libraries=DIR luajit library directory - --with-pcre-includes=DIR libpcre include directory - --with-pcre-libraries=DIR libpcre library directory - --with-openssl-includes=DIR openssl include directory - --with-openssl-library=LIB openssl library library - NOT THE DIRECTORY - --with-crypto-library=LIB openssl crypto library - NOT THE DIRECTORY - --with-dnet-includes=DIR libdnet include directory - --with-dnet-libraries=DIR libdnet library directory - --with-daq-includes=DIR DAQ include directory - --with-daq-libraries=DIR DAQ library directory - --with-hyperscan-includes=DIR libhs include directory - --with-hyperscan-libraries=DIR libhs library directory + --with-pcap-includes=DIR + libpcap include directory + --with-pcap-libraries=DIR + libpcap library directory + --with-luajit-includes=DIR + luajit include directory + --with-luajit-libraries=DIR + luajit library directory + --with-pcre-includes=DIR + libpcre include directory + --with-pcre-libraries=DIR + libpcre library directory + --with-dnet-includes=DIR + libdnet include directory + --with-dnet-libraries=DIR + libdnet library directory + --with-daq-includes=DIR DAQ include directory + --with-daq-libraries=DIR + DAQ library directory + --with-openssl=DIR openssl installation root directory + --with-hyperscan-includes=DIR + libhs include directory + --with-hyperscan-libraries=DIR + libhs library directory Some influential environment variables: SIGNAL_SNORT_RELOAD= 
@@ -133,140 +147,137 @@ while [ $# -ne 0 ]; do prefix=$optarg append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg ;; - --disable-static-codecs) - append_cache_entry STATIC_CODECS BOOL false + --enable-code-coverage) + append_cache_entry ENABLE_CODE_COVERAGE BOOL true ;; - --enable-static-codecs) - append_cache_entry STATIC_CODECS BOOL true + --disable-code-coverage) + append_cache_entry ENABLE_CODE_COVERAGE BOOL false + ;; + --enable-hardened-build) + append_cache_entry ENABLE_HARDENED_BUILD BOOL true + ;; + --disable-hardened-build) + append_cache_entry ENABLE_HARDENED_BUILD BOOL false + ;; + --enable-pie) + append_cache_entry ENABLE_PIE BOOL true + ;; + --disable-pie) + append_cache_entry ENABLE_PIE BOOL false + ;; + --disable-static-ips-actions) + append_cache_entry STATIC_IPS_ACTIONS BOOL false + ;; + --enable-static-ips-actions) + append_cache_entry STATIC_IPS_ACTIONS BOOL true ;; --disable-static-inspectors) - append_cache_entry STATIC_INSPECTORS BOOL false + append_cache_entry STATIC_INSPECTORS BOOL false ;; --enable-static-inspectors) - append_cache_entry STATIC_INSPECTORS BOOL true + append_cache_entry STATIC_INSPECTORS BOOL true ;; --disable-static-loggers) - append_cache_entry STATIC_LOGGERS BOOL false + append_cache_entry STATIC_LOGGERS BOOL false ;; --enable-static-loggers) - append_cache_entry STATIC_LOGGERS BOOL true + append_cache_entry STATIC_LOGGERS BOOL true ;; --disable-static-ips-options) - append_cache_entry STATIC_IPS_OPTIONS BOOL false - ;; - --enable-static-ips-actions) - append_cache_entry STATIC_IPS_ACTIONS BOOL true - ;; - --disable-static-ips-actions) - append_cache_entry STATIC_IPS_ACTIONS BOOL false + append_cache_entry STATIC_IPS_OPTIONS BOOL false ;; --enable-static-ips-options) - append_cache_entry STATIC_IPS_OPTIONS BOOL true + append_cache_entry STATIC_IPS_OPTIONS BOOL true ;; --disable-static-search-engines) - append_cache_entry STATIC_SEARCH_ENGINES BOOL false + append_cache_entry STATIC_SEARCH_ENGINES BOOL false ;; 
--enable-static-search-engines) - append_cache_entry STATIC_SEARCH_ENGINES BOOL true + append_cache_entry STATIC_SEARCH_ENGINES BOOL true ;; - --disable-static-daq) - append_cache_entry ENABLE_STATIC_DAQ BOOL false + --disable-static-codecs) + append_cache_entry STATIC_CODECS BOOL false ;; - --enable-static-daq) - append_cache_entry ENABLE_STATIC_DAQ BOOL true + --enable-static-codecs) + append_cache_entry STATIC_CODECS BOOL true ;; - --disable-pthread) - append_cache_entry ENABLE_PTHREAD BOOL false + --enable-shell) + append_cache_entry ENABLE_SHELL BOOL true ;; - --enable-pthread) - append_cache_entry ENABLE_PTHREAD BOOL true + --disable-shell) + append_cache_entry ENABLE_SHELL BOOL false ;; - --disable-debug-msgs) - append_cache_entry ENABLE_DEBUG_MSGS BOOL false + --enable-large-pcap) + append_cache_entry ENABLE_LARGE_PCAP BOOL true + ;; + --disable-large-pcap) + append_cache_entry ENABLE_LARGE_PCAP BOOL false ;; --enable-debug-msgs) - append_cache_entry ENABLE_DEBUG_MSGS BOOL true + append_cache_entry ENABLE_DEBUG_MSGS BOOL true ;; - --disable-gdb) - append_cache_entry ENABLE_GDB BOOL false + --disable-debug-msgs) + append_cache_entry ENABLE_DEBUG_MSGS BOOL false + ;; + --enable-debug) + append_cache_entry ENABLE_DEBUG BOOL true + ;; + --disable-debug) + append_cache_entry ENABLE_DEBUG BOOL false ;; --enable-gdb) - append_cache_entry ENABLE_GDB BOOL true + append_cache_entry ENABLE_GDB BOOL true ;; - --disable-gprof-profile) - append_cache_entry ENABLE_PROFILE BOOL false + --disable-gdb) + append_cache_entry ENABLE_GDB BOOL false ;; --enable-gprof-profile) - append_cache_entry ENABLE_PROFILE BOOL true - ;; - --disable-debug) - append_cache_entry ENABLE_DEBUG BOOL false + append_cache_entry ENABLE_PROFILE BOOL true ;; - --enable-debug) - append_cache_entry ENABLE_DEBUG BOOL true + --disable-gprof-profile) + append_cache_entry ENABLE_PROFILE BOOL false ;; --disable-corefiles) - append_cache_entry ENABLE_COREFILES BOOL false + append_cache_entry ENABLE_COREFILES 
BOOL false ;; --enable-corefiles) - append_cache_entry ENABLE_COREFILES BOOL true - ;; - --disable-large-pcap) - append_cache_entry ENABLE_LARGE_PCAP BOOL false - ;; - --enable-large-pcap) - append_cache_entry ENABLE_LARGE_PCAP BOOL true + append_cache_entry ENABLE_COREFILES BOOL true ;; --enable-address-sanitizer) - append_cache_entry ENABLE_ADDRESS_SANITIZER BOOL true + append_cache_entry ENABLE_ADDRESS_SANITIZER BOOL true ;; --disable-address-sanitizer) - append_cache_entry ENABLE_ADDRESS_SANITIZER BOOL false - ;; - --enable-code-coverage) - append_cache_entry ENABLE_CODE_COVERAGE BOOL true - ;; - --disable-code-coverage) - append_cache_entry ENABLE_CODE_COVERAGE BOOL false + append_cache_entry ENABLE_ADDRESS_SANITIZER BOOL false ;; - --enable-shell) - append_cache_entry ENABLE_SHELL BOOL true - ;; - --disable-shell) - append_cache_entry ENABLE_SHELL BOOL false + --enable-unit-tests) + append_cache_entry ENABLE_UNIT_TESTS BOOL true ;; --disable-unit-tests) - append_cache_entry ENABLE_UNIT_TESTS BOOL false + append_cache_entry ENABLE_UNIT_TESTS BOOL false ;; - --enable-unit-tests) - append_cache_entry ENABLE_UNIT_TESTS BOOL true + --enable-piglet) + append_cache_entry ENABLE_PIGLET BOOL true ;; --disable-piglet) - append_cache_entry ENABLE_PIGLET BOOL false + append_cache_entry ENABLE_PIGLET BOOL false ;; - --enable-piglet) - append_cache_entry ENABLE_PIGLET BOOL true + --disable-static-daq) + append_cache_entry ENABLE_STATIC_DAQ BOOL false + ;; + --enable-static-daq) + append_cache_entry ENABLE_STATIC_DAQ BOOL true ;; --disable-html-docs) - append_cache_entry MAKE_HTML_DOC BOOL false + append_cache_entry MAKE_HTML_DOC BOOL false ;; --enable-html-docs) - append_cache_entry MAKE_HTML_DOC BOOL true + append_cache_entry MAKE_HTML_DOC BOOL true ;; --disable-pdf-docs) - append_cache_entry MAKE_PDF_DOC BOOL false + append_cache_entry MAKE_PDF_DOC BOOL false ;; --enable-pdf-docs) - append_cache_entry MAKE_PDF_DOC BOOL true - ;; - --with-openssl-includes=*) - 
append_cache_entry OPENSSL_INCLUDE_DIR PATH $optarg - ;; - --with-openssl-library=*) - check_and_append_cache_entry OPENSSL_SSL_LIBRARY FILEPATH $optarg - ;; - --with-crypto-library=*) - check_and_append_cache_entry OPENSSL_CRYPTO_LIBRARY FILEPATH $optarg + append_cache_entry MAKE_PDF_DOC BOOL true ;; --with-pcap-includes=*) append_cache_entry PCAP_INCLUDE_DIR PATH $optarg @@ -275,22 +286,22 @@ while [ $# -ne 0 ]; do append_cache_entry PCAP_LIBRARIES_DIR PATH $optarg ;; --with-luajit-includes=*) - append_cache_entry LUAJIT_INCLUDE_DIR PATH $optarg + append_cache_entry LUAJIT_INCLUDE_DIR_HINT PATH $optarg ;; --with-luajit-libraries=*) - append_cache_entry LUAJIT_LIBRARIES_DIR PATH $optarg + append_cache_entry LUAJIT_LIBRARIES_DIR_HINT PATH $optarg ;; --with-pcre-includes=*) - append_cache_entry PCRE_INCLUDE_DIR PATH $optarg + append_cache_entry PCRE_INCLUDE_DIR_HINT PATH $optarg ;; --with-pcre-libraries=*) - append_cache_entry PCRE_LIBRARIES_DIR PATH $optarg + append_cache_entry PCRE_LIBRARIES_DIR_HINT PATH $optarg ;; --with-dnet-includes=*) - append_cache_entry DNET_INCLUDE_DIR PATH $optarg + append_cache_entry DNET_INCLUDE_DIR_HINT PATH $optarg ;; --with-dnet-libraries=*) - append_cache_entry DNET_LIBRARIES_DIR PATH $optarg + append_cache_entry DNET_LIBRARIES_DIR_HINT PATH $optarg ;; --with-daq-includes=*) append_cache_entry DAQ_INCLUDE_DIR PATH $optarg @@ -298,6 +309,9 @@ while [ $# -ne 0 ]; do --with-daq-libraries=*) append_cache_entry DAQ_LIBRARIES_DIR PATH $optarg ;; + --with-openssl=*) + append_cache_entry OPENSSL_ROOT_DIR PATH $optarg + ;; # Currently unsupported # --with-intel-soft-cpm-includes=*) # append_cache_entry INTEL_SOFT_CPM_INCLUDE_DIR PATH $optarg 
@@ -311,12 +325,6 @@ while [ $# -ne 0 ]; do --with-hyperscan-libraries=*) append_cache_entry HS_LIBRARIES_DIR PATH $optarg ;; - --with-flex=*) - append_cache_entry FLEX_EXECUTABLE PATH $optarg - ;; - --with-bison=*) - append_cache_entry BISON_EXECUTABLE PATH $optarg - ;; SIGNAL_SNORT_RELOAD=*) append_cache_entry SIGNAL_SNORT_RELOAD STRING $optarg ;; @@ -357,7 +365,6 @@ gen="" [ "$CMakeGenerator" ] && gen+=" -G $CMakeGenerator" cmake $gen \ - -DCOMPILE_DEFINITIONS:STRING="$CPPFLAGS" \ -DCMAKE_CXX_FLAGS:STRING="$CXXFLAGS $CPPFLAGS" \ -DCMAKE_C_FLAGS:STRING="$CFLAGS $CPPFLAGS" \ $CMakeCacheEntries $sourcedir diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 new file mode 100644 index 000000000..ca3639715 --- /dev/null +++ b/m4/ax_check_compile_flag.m4 
@@ -0,0 +1,74 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the current language's compiler +# or gives an error. (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the current language's default +# flags (e.g. CFLAGS) when the check is done. The check is thus made with +# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to +# force the compiler to issue an error when a bad flag is given. +# +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . 
+# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 4 + +AC_DEFUN([AX_CHECK_COMPILE_FLAG], +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl +AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ + ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS + _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" + AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) +AS_VAR_IF(CACHEVAR,yes, + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_COMPILE_FLAGS diff --git a/m4/ax_check_link_flag.m4 b/m4/ax_check_link_flag.m4 new file mode 100644 index 000000000..eb01a6ce1 --- /dev/null +++ b/m4/ax_check_link_flag.m4 
@@ -0,0 +1,74 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the linker or gives an error. +# (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the linker's default flags +# when the check is done. The check is thus made with the flags: "LDFLAGS +# EXTRA-FLAGS FLAG". This can for example be used to force the linker to +# issue an error when a bad flag is given. +# +# INPUT gives an alternative input source to AC_LINK_IFELSE. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. 
You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 4 + +AC_DEFUN([AX_CHECK_LINK_FLAG], +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl +AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS $4 $1" + AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + LDFLAGS=$ax_check_save_flags]) +AS_VAR_IF(CACHEVAR,yes, + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_LINK_FLAGS diff --git a/m4/ax_check_preproc_flag.m4 b/m4/ax_check_preproc_flag.m4 new file mode 100644 index 000000000..ca1d5ee2b --- /dev/null +++ b/m4/ax_check_preproc_flag.m4 
@@ -0,0 +1,74 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_preproc_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_PREPROC_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the current language's +# preprocessor or gives an error. (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the preprocessor's default +# flags when the check is done. The check is thus made with the flags: +# "CPPFLAGS EXTRA-FLAGS FLAG". This can for example be used to force the +# preprocessor to issue an error when a bad flag is given. +# +# INPUT gives an alternative input source to AC_PREPROC_IFELSE. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{COMPILE,LINK}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . 
+# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 4 + +AC_DEFUN([AX_CHECK_PREPROC_FLAG], +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]cppflags_$4_$1])dnl +AC_CACHE_CHECK([whether _AC_LANG preprocessor accepts $1], CACHEVAR, [ + ax_check_save_flags=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $4 $1" + AC_PREPROC_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + CPPFLAGS=$ax_check_save_flags]) +AS_VAR_IF(CACHEVAR,yes, + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_PREPROC_FLAGS diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94af4019d..f46d8289d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -9,8 +9,6 @@ set(EXTERNAL_LIBRARIES ${HWLOC_LIBRARIES} ${LIBLZMA_LIBRARIES} ${LUAJIT_LIBRARIES} - ${OPENSSL_LIBRARIES} -# ${OPENSSL_CRYPTO_LIBRARY} -- part of OPENSSL_LIBRARIES ${PCAP_LIBRARIES} ${PCRE_LIBRARIES} ${SFBPF_LIBRARIES} 
@@ -21,13 +19,17 @@ set(EXTERNAL_INCLUDES ${DAQ_INCLUDE_DIR} ${DNET_INCLUDE_DIR} ${HWLOC_INCLUDE_DIRS} - ${OPENSSL_INCLUDE_DIR} ${PCAP_INCLUDE_DIR} ${PCRE_INCLUDE_DIR} ${SFBPF_INCLUDE_DIR} ${ZLIB_INCLUDE_DIRS} ) +if ( HAVE_OPENSSL_SHA OR HAVE_OPENSSL_MD5 ) + LIST(APPEND EXTERNAL_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) + LIST(APPEND EXTERNAL_INCLUDES ${OPENSSL_INCLUDE_DIR}) +endif() + if ( HS_FOUND ) LIST(APPEND EXTERNAL_LIBRARIES ${HS_LIBRARIES}) LIST(APPEND EXTERNAL_INCLUDES ${HS_INCLUDE_DIRS}) diff --git a/src/catch/CMakeLists.txt b/src/catch/CMakeLists.txt index 66f48362a..cf13fd4bc 100644 --- a/src/catch/CMakeLists.txt +++ b/src/catch/CMakeLists.txt @@ -1,39 +1,12 @@ if ( ENABLE_UNIT_TESTS ) -find_package(CHECK REQUIRED) -include_directories(AFTER ${CHECK_INCLUDE_DIR}) - -if ( LINUX ) - find_library(LIBRT rt) - - if ( NOT LIBRT ) - message(SEND_ERROR "librt required.") - endif() -endif() - -# FIXIT-L why do these custom commands always run? -add_custom_command( - OUTPUT suite_decl.h - COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/build_decl.sh ${CMAKE_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR} - DEPENDS build_decl.sh -) - -add_custom_command( - OUTPUT suite_list.h - COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/build_list.sh ${CMAKE_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR} - DEPENDS build_list.sh -) - add_library(catch_tests STATIC catch.hpp unit_test.cc unit_test.h ) -target_link_libraries(catch_tests - ${CHECK_LIBRARIES} - ${LIBRT} -) +target_link_libraries(catch_tests) endif() -- 2.47.3
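Review bot: The new `if ( HAVE_OPENSSL_SHA OR HAVE_OPENSSL_MD5 )` block carries no comment saying why OpenSSL became conditional or why only libcrypto is appended. I would add `# Link libcrypto only when its SHA/MD5 routines were detected; libssl is no longer linked.` above it. The block also appends `${OPENSSL_CRYPTO_LIBRARY}` and `${OPENSSL_INCLUDE_DIR}` without testing that they hold a found path. Presumably the `HAVE_OPENSSL_*` checks only succeed after detection, but that logic is outside this hunk, so confirm a `-NOTFOUND` value cannot reach `EXTERNAL_LIBRARIES`.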
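Review bot: `target_link_libraries(catch_tests)` in src/catch/CMakeLists.txt is left with no libraries once `${CHECK_LIBRARIES}` and `${LIBRT}` are removed, so the call does nothing and should be deleted rather than kept as an empty statement. If `catch_tests` gains dependencies later, add the call back with an explicit `PRIVATE` or `PUBLIC` keyword.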