diff options
author | Damien Miller <djm@mindrot.org> | 2017-09-19 10:18:56 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-09-19 10:22:33 +1000 |
commit | 161af8f5ec0961b10cc032efb5cc1b44ced5a92e (patch) | |
tree | 35221f3c3b7ca336e32664e7403fbf11d8ed565b | |
parent | 09eacf856e0fe1a6e3fe597ec8032b7046292914 (diff) | |
download | openssh-git-161af8f5ec0961b10cc032efb5cc1b44ced5a92e.tar.gz |
move FORTIFY_SOURCE into hardening options group
It's still on by default, but now it's possible to turn it off using
--without-hardening. This is useful since it's known to cause problems
with some -fsanitize options. ok dtucker@
-rw-r--r-- | configure.ac | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 522f54b0..ebc2f33f 100644 --- a/configure.ac +++ b/configure.ac @@ -163,8 +163,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) - OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) if test "x$use_toolchain_hardening" = "x1"; then + OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) |