summaryrefslogtreecommitdiffstats
path: root/package/sudo/0002-Better-configure-test-for-fstack-protector.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/sudo/0002-Better-configure-test-for-fstack-protector.patch')
-rw-r--r--package/sudo/0002-Better-configure-test-for-fstack-protector.patch415
1 files changed, 415 insertions, 0 deletions
diff --git a/package/sudo/0002-Better-configure-test-for-fstack-protector.patch b/package/sudo/0002-Better-configure-test-for-fstack-protector.patch
new file mode 100644
index 0000000000..b9ec41038c
--- /dev/null
+++ b/package/sudo/0002-Better-configure-test-for-fstack-protector.patch
@@ -0,0 +1,415 @@
+Better configure test for -fstack-protector. Some gcc installations may
+be missing the ssp library even though the compiler supports it.
+
+Backported from upstream:
+ http://www.sudo.ws/repos/sudo/rev/4ade5d1249f4
+
+Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@courtesan.com>
+# Date 1446137469 21600
+# Node ID 4ade5d1249f483c4dd6c579c70b327791094afe8
+# Parent 97ee37d905ceefa433e93a0f552c2a3e5926e2fb
+Better configure test for -fstack-protector. Some gcc installations
+may be missing the ssp library even though the compiler supports it.
+
+diff -r 97ee37d905ce -r 4ade5d1249f4 configure
+--- a/configure Sun Oct 25 14:28:38 2015 -0600
++++ b/configure Thu Oct 29 10:51:09 2015 -0600
+@@ -23916,236 +23916,94 @@
+ fi
+
+ if test "$enable_hardening" != "no"; then
+- if test -n "$GCC"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-strong" >&5
+-$as_echo_n "checking whether C compiler accepts -fstack-protector-strong... " >&6; }
+-if ${ax_cv_check_cflags___fstack_protector_strong+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+-
+- ax_check_save_flags=$CFLAGS
+- CFLAGS="$CFLAGS -fstack-protector-strong"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+- ax_cv_check_cflags___fstack_protector_strong=yes
+-else
+- ax_cv_check_cflags___fstack_protector_strong=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+- CFLAGS=$ax_check_save_flags
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5
+-$as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; }
+-if test x"$ax_cv_check_cflags___fstack_protector_strong" = xyes; then :
+-
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector-strong" >&5
+-$as_echo_n "checking whether the linker accepts -fstack-protector-strong... " >&6; }
+-if ${ax_cv_check_ldflags___fstack_protector_strong+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+-
+- ax_check_save_flags=$LDFLAGS
+- LDFLAGS="$LDFLAGS -fstack-protector-strong"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+- ax_cv_check_ldflags___fstack_protector_strong=yes
+-else
+- ax_cv_check_ldflags___fstack_protector_strong=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- LDFLAGS=$ax_check_save_flags
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector_strong" >&5
+-$as_echo "$ax_cv_check_ldflags___fstack_protector_strong" >&6; }
+-if test x"$ax_cv_check_ldflags___fstack_protector_strong" = xyes; then :
+-
+- SSP_CFLAGS="-fstack-protector-strong"
+- SSP_LDFLAGS="-Wc,-fstack-protector-strong"
+-
+-else
+- :
+-fi
+-
+-
+-else
+- :
+-fi
+-
+- if test -z "$SSP_CFLAGS"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-all" >&5
+-$as_echo_n "checking whether C compiler accepts -fstack-protector-all... " >&6; }
+-if ${ax_cv_check_cflags___fstack_protector_all+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+-
+- ax_check_save_flags=$CFLAGS
+- CFLAGS="$CFLAGS -fstack-protector-all"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+- ax_cv_check_cflags___fstack_protector_all=yes
+-else
+- ax_cv_check_cflags___fstack_protector_all=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+- CFLAGS=$ax_check_save_flags
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_all" >&5
+-$as_echo "$ax_cv_check_cflags___fstack_protector_all" >&6; }
+-if test x"$ax_cv_check_cflags___fstack_protector_all" = xyes; then :
+-
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector-all" >&5
+-$as_echo_n "checking whether the linker accepts -fstack-protector-all... " >&6; }
+-if ${ax_cv_check_ldflags___fstack_protector_all+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+-
+- ax_check_save_flags=$LDFLAGS
+- LDFLAGS="$LDFLAGS -fstack-protector-all"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+- ax_cv_check_ldflags___fstack_protector_all=yes
+-else
+- ax_cv_check_ldflags___fstack_protector_all=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- LDFLAGS=$ax_check_save_flags
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector_all" >&5
+-$as_echo "$ax_cv_check_ldflags___fstack_protector_all" >&6; }
+-if test x"$ax_cv_check_ldflags___fstack_protector_all" = xyes; then :
+-
+- SSP_CFLAGS="-fstack-protector-all"
+- SSP_LDFLAGS="-Wc,-fstack-protector-all"
+-
+-else
+- :
+-fi
+-
+-
+-else
+- :
+-fi
+-
+- if test -z "$SSP_CFLAGS"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5
+-$as_echo_n "checking whether C compiler accepts -fstack-protector... " >&6; }
+-if ${ax_cv_check_cflags___fstack_protector+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+-
+- ax_check_save_flags=$CFLAGS
+- CFLAGS="$CFLAGS -fstack-protector"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+- ax_cv_check_cflags___fstack_protector=yes
+-else
+- ax_cv_check_cflags___fstack_protector=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+- CFLAGS=$ax_check_save_flags
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector" >&5
+-$as_echo "$ax_cv_check_cflags___fstack_protector" >&6; }
+-if test x"$ax_cv_check_cflags___fstack_protector" = xyes; then :
+-
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5
+-$as_echo_n "checking whether the linker accepts -fstack-protector... " >&6; }
+-if ${ax_cv_check_ldflags___fstack_protector+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+-
+- ax_check_save_flags=$LDFLAGS
+- LDFLAGS="$LDFLAGS -fstack-protector"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+- ax_cv_check_ldflags___fstack_protector=yes
+-else
+- ax_cv_check_ldflags___fstack_protector=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- LDFLAGS=$ax_check_save_flags
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector" >&5
+-$as_echo "$ax_cv_check_ldflags___fstack_protector" >&6; }
+-if test x"$ax_cv_check_ldflags___fstack_protector" = xyes; then :
+-
+- SSP_CFLAGS="-fstack-protector"
+- SSP_LDFLAGS="-Wc,-fstack-protector"
+-
+-else
+- :
+-fi
+-
+-
+-else
+- :
+-fi
+-
+- fi
+- fi
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compiler stack protector support" >&5
++$as_echo_n "checking for compiler stack protector support... " >&6; }
++if ${sudo_cv_var_stack_protector+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++
++ sudo_cv_var_stack_protector=no
++ _CFLAGS="$CFLAGS"
++ _LDFLAGS="$LDFLAGS"
++ CFLAGS="-fstack-protector-strong"
++ LDFLAGS="-fstack-protector-strong"
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++ $ac_includes_default
++int
++main ()
++{
++char buf[1024]; buf[1023] = '\0';
++ ;
++ return 0;
++}
++
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++
++ sudo_cv_var_stack_protector="-fstack-protector-strong"
++
++else
++
++ CFLAGS="-fstack-protector-all"
++ LDFLAGS="-fstack-protector-all"
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++ $ac_includes_default
++int
++main ()
++{
++char buf[1024]; buf[1023] = '\0';
++ ;
++ return 0;
++}
++
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++
++ sudo_cv_var_stack_protector="-fstack-protector-all"
++
++else
++
++ CFLAGS="-fstack-protector"
++ LDFLAGS="-fstack-protector"
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++ $ac_includes_default
++int
++main ()
++{
++char buf[1024]; buf[1023] = '\0';
++ ;
++ return 0;
++}
++
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++
++ sudo_cv_var_stack_protector="-fstack-protector"
++
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++ CFLAGS="$_CFLAGS"
++ LDFLAGS="$_LDFLAGS"
++
++
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_stack_protector" >&5
++$as_echo "$sudo_cv_var_stack_protector" >&6; }
++ if test X"$sudo_cv_var_stack_protector" != X"no"; then
++ SSP_CFLAGS="$sudo_cv_var_stack_protector"
++ SSP_LDFLAGS="-Wc,$sudo_cv_var_stack_protector"
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5
+ $as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; }
+diff -r 97ee37d905ce -r 4ade5d1249f4 configure.ac
+--- a/configure.ac Sun Oct 25 14:28:38 2015 -0600
++++ b/configure.ac Thu Oct 29 10:51:09 2015 -0600
+@@ -3978,29 +3978,45 @@
+ dnl This test relies on AC_LANG_WERROR
+ dnl
+ if test "$enable_hardening" != "no"; then
+- if test -n "$GCC"; then
+- AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [
+- AX_CHECK_LINK_FLAG([-fstack-protector-strong], [
+- SSP_CFLAGS="-fstack-protector-strong"
+- SSP_LDFLAGS="-Wc,-fstack-protector-strong"
+- ])
+- ])
+- if test -z "$SSP_CFLAGS"; then
+- AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+- AX_CHECK_LINK_FLAG([-fstack-protector-all], [
+- SSP_CFLAGS="-fstack-protector-all"
+- SSP_LDFLAGS="-Wc,-fstack-protector-all"
++ AC_CACHE_CHECK([for compiler stack protector support],
++ [sudo_cv_var_stack_protector],
++ [
++ sudo_cv_var_stack_protector=no
++ _CFLAGS="$CFLAGS"
++ _LDFLAGS="$LDFLAGS"
++ CFLAGS="-fstack-protector-strong"
++ LDFLAGS="-fstack-protector-strong"
++ AC_COMPILE_IFELSE([
++ AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
++ [[char buf[1024]; buf[1023] = '\0';]])
++ ], [
++ sudo_cv_var_stack_protector="-fstack-protector-strong"
++ ], [
++ CFLAGS="-fstack-protector-all"
++ LDFLAGS="-fstack-protector-all"
++ AC_COMPILE_IFELSE([
++ AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
++ [[char buf[1024]; buf[1023] = '\0';]])
++ ], [
++ sudo_cv_var_stack_protector="-fstack-protector-all"
++ ], [
++ CFLAGS="-fstack-protector"
++ LDFLAGS="-fstack-protector"
++ AC_COMPILE_IFELSE([
++ AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
++ [[char buf[1024]; buf[1023] = '\0';]])
++ ], [
++ sudo_cv_var_stack_protector="-fstack-protector"
++ ], [])
+ ])
+ ])
+- if test -z "$SSP_CFLAGS"; then
+- AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+- AX_CHECK_LINK_FLAG([-fstack-protector], [
+- SSP_CFLAGS="-fstack-protector"
+- SSP_LDFLAGS="-Wc,-fstack-protector"
+- ])
+- ])
+- fi
+- fi
++ CFLAGS="$_CFLAGS"
++ LDFLAGS="$_LDFLAGS"
++ ]
++ )
++ if test X"$sudo_cv_var_stack_protector" != X"no"; then
++ SSP_CFLAGS="$sudo_cv_var_stack_protector"
++ SSP_LDFLAGS="-Wc,$sudo_cv_var_stack_protector"
+ fi
+ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
+ fi
+
OpenPOWER on IntegriCloud