From: Harlan Stenn Date: Wed, 1 Mar 2017 09:30:03 +0000 (+0000) Subject: [Sec 3376] Support build "hardening" flags X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9186f9410d0e37e80c4fc6874630edeec50f7b1b;p=thirdparty%2Fntp.git [Sec 3376] Support build "hardening" flags bk: 58b6949bhHViGU_7oFFhRuZfxrChmA --- diff --git a/configure.ac b/configure.ac index 066fb35c8..e0775b1c1 100644 --- a/configure.ac +++ b/configure.ac @@ -65,11 +65,12 @@ ntp_ripe_ncc_ok=${ntp_parse_ok=no} ntp_jupiter_ok=${ntp_jupiter_ok=no} NTP_PROG_CC -AC_PROG_CPP -# Do we need CXX for anything besides google test? -AC_PROG_CXX +NTP_COMPILER + +dnl # Do we need CXX for anything besides google test? +dnl AC_PROG_CXX AC_PROG_YACC -AC_PROG_CC_C_O +dnl AC_PROG_CC_C_O # called by NTP_COMPILER AX_C99_STRUCT_INIT NTP_HARDEN([sntp]) diff --git a/sntp/configure.ac b/sntp/configure.ac index b03c257bf..5a70c5af6 100644 --- a/sntp/configure.ac +++ b/sntp/configure.ac @@ -55,7 +55,7 @@ AC_CONFIG_HEADER([config.h]) dnl AC_ARG_PROGRAM NTP_PROG_CC - +NTP_COMPILER NTP_HARDEN NTP_LOCINFO() @@ -141,9 +141,9 @@ AC_DEFINE([HAVE_TERMIOS], 1, [sntp does not care about TTY stuff]) AC_CHECK_FUNCS([socket]) NTP_UNITYBUILD -# HMS: if we don't find c++ we should not look for gtest. -AC_PROG_CXX -NTP_GOOGLETEST +## HMS: if we don't find c++ we should not look for gtest. +#AC_PROG_CXX +#NTP_GOOGLETEST SNTP_PROBLEM_TESTS diff --git a/sntp/harden/freebsd11 b/sntp/harden/freebsd11 index 21387dab6..bc37c3693 100644 --- a/sntp/harden/freebsd11 +++ b/sntp/harden/freebsd11 @@ -1,4 +1,4 @@ # FreeBSD-11 hardening flags -NTP_HARD_CFLAGS="-fsanitize=safe-stack -fstack-protector -Wformat -Wformat-security -Werror=format-security" +NTP_HARD_CFLAGS="-fstack-protector -Wformat -Wformat-security -Werror=format-security" NTP_HARD_CPPFLAGS="" NTP_HARD_LDFLAGS="-Wl,-z,relro" diff --git a/sntp/harden/freebsd12 b/sntp/harden/freebsd12 index 21387dab6..bc37c3693 100644 --- a/sntp/harden/freebsd12 +++ b/sntp/harden/freebsd12 @@ -1,4 +1,4 @@ # FreeBSD-11 hardening flags -NTP_HARD_CFLAGS="-fsanitize=safe-stack -fstack-protector -Wformat -Wformat-security -Werror=format-security" +NTP_HARD_CFLAGS="-fstack-protector -Wformat -Wformat-security -Werror=format-security" NTP_HARD_CPPFLAGS="" NTP_HARD_LDFLAGS="-Wl,-z,relro" diff --git a/sntp/m4/ntp_compiler.m4 b/sntp/m4/ntp_compiler.m4 index e4c515f27..ae897e72a 100644 --- a/sntp/m4/ntp_compiler.m4 +++ b/sntp/m4/ntp_compiler.m4 @@ -1,8 +1,16 @@ dnl ###################################################################### dnl Common m4sh code for compiler stuff AC_DEFUN([NTP_COMPILER], [ -AC_REQUIRE([AC_PROG_CC_C89]) -AC_REQUIRE([AC_PROG_CC_C99]) + +AC_USE_SYSTEM_EXTENSIONS + +# Ralf Wildenhues: With per-target flags we need CC_C_O +# AM_PROG_CC_C_O supersets AC_PROG_CC_C_O +AM_PROG_CC_C_O +AC_PROG_GCC_TRADITIONAL +AC_REQUIRE([AC_PROG_CC_STDC]) +dnl AC_REQUIRE([AC_PROG_CC_C89]) +dnl AC_REQUIRE([AC_PROG_CC_C99]) CFLAGS_NTP= CPPFLAGS_NTP= @@ -192,5 +200,9 @@ esac NTP_OS_CFLAGS +AC_C_BIGENDIAN +AC_C_VOLATILE +AC_PROG_CPP + ])dnl dnl ====================================================================== diff --git a/sntp/m4/ntp_prog_cc.m4 b/sntp/m4/ntp_prog_cc.m4 index c6b4e03f0..ffbc4552d 100644 --- a/sntp/m4/ntp_prog_cc.m4 +++ b/sntp/m4/ntp_prog_cc.m4 @@ -2,20 +2,21 @@ dnl ###################################################################### dnl NTP compiler basics dnl AC_DEFUN([NTP_PROG_CC], [ +case "$build" in + *-*-freebsd1?.*) + cclist=cc + ;; + *) + cclist= + ;; +esac + +dnl we need to check for cross compile tools for vxWorks here dnl must come before AC_PROG_CC or similar -AC_USE_SYSTEM_EXTENSIONS +#AC_USE_SYSTEM_EXTENSIONS -dnl we need to check for cross compile tools for vxWorks here -AC_PROG_CC -# Ralf Wildenhues: With per-target flags we need CC_C_O -# AM_PROG_CC_C_O supersets AC_PROG_CC_C_O -AM_PROG_CC_C_O -AC_PROG_GCC_TRADITIONAL -NTP_COMPILER -AC_C_BIGENDIAN -AC_C_VOLATILE -AC_PROG_CPP +AC_PROG_CC([$cclist]) ])dnl dnl ======================================================================