mirror of https://github.com/python/cpython
gh-112301: Add fortify source level 3 to default compiler options (gh-121520)
This commit is contained in:
parent
94e6644584
commit
bdab67e1c7
|
@ -0,0 +1,2 @@
|
||||||
|
Enable runtime protections for glibc to abort execution when unsafe behavior is encountered,
|
||||||
|
for all platforms except Windows.
|
|
@ -9691,6 +9691,45 @@ else $as_nop
|
||||||
printf "%s\n" "$as_me: WARNING: -Wtrampolines not supported" >&2;}
|
printf "%s\n" "$as_me: WARNING: -Wtrampolines not supported" >&2;}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=3" >&5
|
||||||
|
printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=3... " >&6; }
|
||||||
|
if test ${ax_cv_check_cflags___D_FORTIFY_SOURCE_3+y}
|
||||||
|
then :
|
||||||
|
printf %s "(cached) " >&6
|
||||||
|
else $as_nop
|
||||||
|
|
||||||
|
ax_check_save_flags=$CFLAGS
|
||||||
|
CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=3"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main (void)
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_compile "$LINENO"
|
||||||
|
then :
|
||||||
|
ax_cv_check_cflags___D_FORTIFY_SOURCE_3=yes
|
||||||
|
else $as_nop
|
||||||
|
ax_cv_check_cflags___D_FORTIFY_SOURCE_3=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
|
||||||
|
CFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___D_FORTIFY_SOURCE_3" >&5
|
||||||
|
printf "%s\n" "$ax_cv_check_cflags___D_FORTIFY_SOURCE_3" >&6; }
|
||||||
|
if test "x$ax_cv_check_cflags___D_FORTIFY_SOURCE_3" = xyes
|
||||||
|
then :
|
||||||
|
BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"
|
||||||
|
else $as_nop
|
||||||
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: -D_FORTIFY_SOURCE=3 not supported" >&5
|
||||||
|
printf "%s\n" "$as_me: WARNING: -D_FORTIFY_SOURCE=3 not supported" >&2;}
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
case $GCC in
|
case $GCC in
|
||||||
yes)
|
yes)
|
||||||
|
|
|
@ -2460,6 +2460,7 @@ AS_VAR_IF([with_strict_overflow], [yes],
|
||||||
# These flags should be enabled by default for all builds.
|
# These flags should be enabled by default for all builds.
|
||||||
AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror])
|
AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror])
|
||||||
AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror])
|
AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror])
|
||||||
|
AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])])
|
||||||
|
|
||||||
case $GCC in
|
case $GCC in
|
||||||
yes)
|
yes)
|
||||||
|
|
Loading…
Reference in New Issue