From: Nicholas Clark Date: Thu, 20 Dec 2007 16:02:25 +0000 (+0000) Subject: A new try at getting -fstack-protector working, by adding it to the X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=6682be1cb0cf57e58661289c111831ff65f51b05;p=p5sagit%2Fp5-mst-13.2.git A new try at getting -fstack-protector working, by adding it to the gcc link flags so that any implementation dependant libraries are also linked in. p4raw-id: //depot/perl@32669 --- diff --git a/Configure b/Configure index cd04dae..7e88403 100755 --- a/Configure +++ b/Configure @@ -1328,7 +1328,7 @@ libswanted_uselargefiles='' : List of libraries we want. : If anyone needs extra -lxxx, put those in a hint file. libswanted="sfio socket bind inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun" -libswanted="$libswanted m crypt sec util c cposix posix ucb bsd BSD" +libswanted="$libswanted m crypt sec util c cposix posix ucb bsd BSD ssp" : We probably want to search /usr/shlib before most other libraries. : This is only used by the lib/ExtUtils/MakeMaker.pm routine extliblist. glibpth=`echo " $glibpth " | sed -e 's! /usr/shlib ! !'` @@ -5047,17 +5047,19 @@ esac : argument order is deliberate, as the flag will start with - which set could : think is an option -checkccflag='check=$1; flag=$2; +checkccflag='check=$1; flag=$2; callback=$3; echo " "; echo "Checking if your compiler accepts $flag" 2>&1; echo "int main(void) { return 0; }" > gcctest.c; -if $cc -O2 $flag -o gcctest gcctest.c; then +if $cc -O2 $flag -o gcctest gcctest.c && ./gcctest; then echo "Yes, it does." 2>&1; case "$ccflags" in *$check*) echo "Leaving current flags $ccflags alone." 2>&1 ;; - *) dflt="$dflt $flag" ;; + *) dflt="$dflt $flag"; + eval $callback + ;; esac else echo "Nope, it does not, but that is ok." 2>&1; @@ -5098,6 +5100,18 @@ default|recommended) eval $checkccflag ;; esac + + # on x86_64 (at least) we require an extra library (libssp) in the + # link command line. This library is not named, so I infer that it is + # an implementation detail that may change. Hence the safest approach + # is to add the flag to the flags passed to the compiler at link time, + # as that way the compiler can do the right implementation dependant + # thing. (NWC) + case "$gccversion" in + ?*) set stack-protector -fstack-protector 'ldflags="$ldflags -fstack-protector"' + eval $checkccflag + ;; + esac ;; esac diff --git a/cflags.SH b/cflags.SH index 5c355da..9dd6181 100755 --- a/cflags.SH +++ b/cflags.SH @@ -134,7 +134,7 @@ case "$gccversion" in '') ;; [12]*) ;; # gcc versions 1 (gasp!) and 2 are not good for this. Intel*) ;; # # Is that you, Intel C++? -*) for opt in -ansi -pedantic -std=c89 -W -Wextra -Wdeclaration-after-statement -Wendif-labels -Wc++-compat -fstack-protector +*) for opt in -ansi -pedantic -std=c89 -W -Wextra -Wdeclaration-after-statement -Wendif-labels -Wc++-compat do case " $ccflags " in *" $opt "*) ;; # Skip if already there.