Commit b710fe5a authored by Nomis101's avatar Nomis101 Committed by Bradley Sepos

make: Move harden option to the new Security group in configure.py.

parent a7dc77b0
......@@ -1669,7 +1669,7 @@ int hb_global_init_no_hardware()
int hb_global_init()
{
/* Print hardening status on global init */
#if HB_PROJECT_HOST_HARDEN
#if HB_PROJECT_SECURITY_HARDEN
hb_log( "Compile-time hardening features are enabled" );
#endif
......
......@@ -38,7 +38,6 @@ dnl
<<#>>define HB_PROJECT_HOST_RELEASE "__HOST_release"
<<#>>define HB_PROJECT_HOST_TITLE "__HOST_title"
<<#>>define HB_PROJECT_HOST_ARCH "__HOST_arch"
<<#>>define HB_PROJECT_HOST_HARDEN __HOST_harden
<<#>>define HB_PROJECT_FEATURE_ASM __FEATURE_asm
<<#>>define HB_PROJECT_FEATURE_FDK_AAC __FEATURE_fdk_aac
......@@ -54,4 +53,6 @@ dnl
<<#>>define HB_PROJECT_FEATURE_X265 __FEATURE_x265
<<#>>define HB_PROJECT_FEATURE_NUMA __FEATURE_numa
<<#>>define HB_PROJECT_SECURITY_HARDEN __SECURITY_harden
#endif /* HB_PROJECT_PROJECT_H */
......@@ -1368,6 +1368,7 @@ def createCLI( cross = None ):
grp = cli.add_argument_group( 'Security Options' )
h = IfHost( 'enable the Sandbox capability (currently macOS-only)', '*-*-darwin*', none=argparse.SUPPRESS).value
grp.add_argument( '--sandbox', dest="enable_sandbox", default=False, action='store_true', help=(( '%s' %h ) if h != argparse.SUPPRESS else h) )
grp.add_argument( '--hardening', dest="enable_harden", default=False, action='store_true', help='enable buffer overflow protection' )
cli.add_argument_group( grp )
## add launch options
......@@ -1389,8 +1390,6 @@ def createCLI( cross = None ):
arch.mode.cli_add_argument( grp, '--arch' )
grp.add_argument( '--cross', default=None, action='store', metavar='SPEC',
help='specify GCC cross-compilation spec' )
grp.add_argument( '--enable-hardening', dest="enable_host_harden", default=False, action='store_true',
help='enable buffer overflow protection' )
cli.add_argument_group( grp )
## add Xcode options
......@@ -1945,7 +1944,6 @@ int main()
doc.add( 'HOST.cross.prefix', '' )
doc.add( 'HOST.arch', arch.mode.mode )
doc.add( 'HOST.harden', int( options.enable_host_harden) )
doc.addBlank()
doc.add( 'SRC', cfg.src_final )
......@@ -1973,6 +1971,7 @@ int main()
doc.addBlank()
doc.add( 'SECURITY.sandbox', int( options.enable_sandbox ))
doc.add( 'SECURITY.harden', int( options.enable_harden ))
if build_tuple.match( '*-*-darwin*' ) and options.cross is None:
doc.add( 'FEATURE.xcode', int( not (Tools.xcodebuild.fail or options.disable_xcode) ))
......
......@@ -89,7 +89,7 @@ GCC.args.extra.exe++ = $(LDFLAGS)
# If hardening is enabled -D_FORTIFY_SOURCE=2 adds compile-time protection and run-time
# checking against static sized buffer overflow flaws. -fstack-protector-strong enables
# stack canaries to detect stack buffer overflows (stack overwrites).
ifeq (1,$(HOST.harden))
ifeq (1,$(SECURITY.harden))
GCC.args.extra += $(CFLAGS) $(CXXFLAGS) $(CPPFLAGS) -fstack-protector-strong -D_FORTIFY_SOURCE=2
GCC.args.extra.exe += -fstack-protector-strong
endif
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment