diff --git a/configure.in b/configure.in index 397b12ea..5d889efb 100644 --- a/configure.in +++ b/configure.in @@ -64,7 +64,16 @@ case "$host_os" in esac AC_ARG_ENABLE(gcc-warnings, - AS_HELP_STRING(--enable-gcc-warnings, enable verbose warnings with GCC)) + AS_HELP_STRING(--disable-gcc-warnings, disable verbose warnings with GCC)) + +AC_ARG_ENABLE(gcc-hardening, + AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), +[if test x$enableval = xyes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" + CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" +fi]) + AC_ARG_ENABLE(thread-support, AS_HELP_STRING(--disable-thread-support, disable support for threading), [], [enable_thread_support=yes]) @@ -655,7 +664,7 @@ AM_CONDITIONAL(OPENSSL, [test "$enable_openssl" != "no" && test "$have_openssl" # Add some more warnings which we use in development but not in the # released versions. (Some relevant gcc versions can't handle these.) -if test x$enable_gcc_warnings = xyes && test "$GCC" = "yes"; then +if test x$enable_gcc_warnings != xno && test "$GCC" = "yes"; then AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [ #if !defined(__GNUC__) || (__GNUC__ < 4) @@ -682,7 +691,11 @@ if test x$enable_gcc_warnings = xyes && test "$GCC" = "yes"; then #error #endif])], have_clang29orlower=yes, have_clang29orlower=no) - CFLAGS="$CFLAGS -W -Wfloat-equal -Wundef -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat -Wwrite-strings -Wmissing-declarations -Wredundant-decls -Wnested-externs -Wbad-function-cast -Wswitch-enum -Werror" + CFLAGS="$CFLAGS -W -Wfloat-equal -Wundef -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat -Wwrite-strings -Wmissing-declarations -Wredundant-decls -Wnested-externs -Wbad-function-cast -Wswitch-enum" + if test x$enable_gcc_warnings = xyes; then + CFLAGS="$CFLAGS -Werror" + fi + CFLAGS="$CFLAGS -Wno-unused-parameter -Wstrict-aliasing" if test x$have_gcc4 = xyes ; then