[Git][NTPsec/ntpsec][master] waf: only harden on gcc >= 5
Gary E. Miller
gitlab at mg.gitlab.com
Wed Feb 15 00:12:07 UTC 2017
Gary E. Miller pushed to branch master at NTPsec / ntpsec
Commits:
51e057a7 by Gary E. Miller at 2017-02-14T16:03:49-08:00
waf: only harden on gcc >= 5
-fPIE for ntpd still not working...
- - - - -
1 changed file:
- wafhelpers/configure.py
Changes:
=====================================
wafhelpers/configure.py
=====================================
--- a/wafhelpers/configure.py
+++ b/wafhelpers/configure.py
@@ -241,16 +241,26 @@ def cmd_configure(ctx, config):
else:
# -O1 will turn on -D_FORTIFY_SOURCE=2 for us
ctx.env.CFLAGS += [
- "-fPIE", # hardening
"-fstack-protector-all", # hardening
"-O1",
- "-pie", # hardening
- "-std=gnu99"
+ "-std=gnu99",
]
ctx.env.LDFLAGS += [
"-Wl,-z,now", # hardening, no deferred symbol resolution
- "-Wl,-z,relro", # hardening, marks some section read only,
]
+
+ if 5 <=ctx.env.CC_VERSION[0]:
+ # gcc >= 5.0
+ ctx.env.CFLAGS += [
+ "-fPIE", # hardening
+ "-O1",
+ "-pie", # hardening
+ ]
+ ctx.env.LDFLAGS += [
+ "-fPIE", # hardening
+ "-Wl,-z,relro", # hardening, marks some section read only,
+ ]
+
if ctx.options.disable_debug:
# not debugging
ctx.env.LDFLAGS += [
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/51e057a7b58e420d80fd1277643dfdf8de7d40c6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170215/5b3ad3f1/attachment.html>
More information about the vc
mailing list