diff options
| author | Nomis101 <[email protected]> | 2019-08-20 22:26:48 +0200 |
|---|---|---|
| committer | Bradley Sepos <[email protected]> | 2019-08-21 22:47:06 -0400 |
| commit | b710fe5a98c1b30f80d8c3a2d88eaa50139739c2 (patch) | |
| tree | 6894f4a9574aa68b63c242ab26d8b2b95fa0174c | |
| parent | a7dc77b030c0de740022c639d6a604a242419d7b (diff) | |
make: Move harden option to the new Security group in configure.py.
| -rw-r--r-- | libhb/hb.c | 2 | ||||
| -rw-r--r-- | libhb/project.h.m4 | 3 | ||||
| -rw-r--r-- | make/configure.py | 5 | ||||
| -rw-r--r-- | make/include/gcc.defs | 2 |
4 files changed, 6 insertions, 6 deletions
diff --git a/libhb/hb.c b/libhb/hb.c index 9854d907e..0b0aa401c 100644 --- a/libhb/hb.c +++ b/libhb/hb.c @@ -1669,7 +1669,7 @@ int hb_global_init_no_hardware() int hb_global_init() { /* Print hardening status on global init */ -#if HB_PROJECT_HOST_HARDEN +#if HB_PROJECT_SECURITY_HARDEN hb_log( "Compile-time hardening features are enabled" ); #endif diff --git a/libhb/project.h.m4 b/libhb/project.h.m4 index 2ce9fac68..93af47419 100644 --- a/libhb/project.h.m4 +++ b/libhb/project.h.m4 @@ -38,7 +38,6 @@ dnl <<#>>define HB_PROJECT_HOST_RELEASE "__HOST_release" <<#>>define HB_PROJECT_HOST_TITLE "__HOST_title" <<#>>define HB_PROJECT_HOST_ARCH "__HOST_arch" -<<#>>define HB_PROJECT_HOST_HARDEN __HOST_harden <<#>>define HB_PROJECT_FEATURE_ASM __FEATURE_asm <<#>>define HB_PROJECT_FEATURE_FDK_AAC __FEATURE_fdk_aac @@ -54,4 +53,6 @@ dnl <<#>>define HB_PROJECT_FEATURE_X265 __FEATURE_x265 <<#>>define HB_PROJECT_FEATURE_NUMA __FEATURE_numa +<<#>>define HB_PROJECT_SECURITY_HARDEN __SECURITY_harden + #endif /* HB_PROJECT_PROJECT_H */ diff --git a/make/configure.py b/make/configure.py index ffc38dedb..39876fe5c 100644 --- a/make/configure.py +++ b/make/configure.py @@ -1368,6 +1368,7 @@ def createCLI( cross = None ): grp = cli.add_argument_group( 'Security Options' ) h = IfHost( 'enable the Sandbox capability (currently macOS-only)', '*-*-darwin*', none=argparse.SUPPRESS).value grp.add_argument( '--sandbox', dest="enable_sandbox", default=False, action='store_true', help=(( '%s' %h ) if h != argparse.SUPPRESS else h) ) + grp.add_argument( '--hardening', dest="enable_harden", default=False, action='store_true', help='enable buffer overflow protection' ) cli.add_argument_group( grp ) ## add launch options @@ -1389,8 +1390,6 @@ def createCLI( cross = None ): arch.mode.cli_add_argument( grp, '--arch' ) grp.add_argument( '--cross', default=None, action='store', metavar='SPEC', help='specify GCC cross-compilation spec' ) - grp.add_argument( '--enable-hardening', dest="enable_host_harden", default=False, action='store_true', - help='enable buffer overflow protection' ) cli.add_argument_group( grp ) ## add Xcode options @@ -1945,7 +1944,6 @@ int main() doc.add( 'HOST.cross.prefix', '' ) doc.add( 'HOST.arch', arch.mode.mode ) - doc.add( 'HOST.harden', int( options.enable_host_harden) ) doc.addBlank() doc.add( 'SRC', cfg.src_final ) @@ -1973,6 +1971,7 @@ int main() doc.addBlank() doc.add( 'SECURITY.sandbox', int( options.enable_sandbox )) + doc.add( 'SECURITY.harden', int( options.enable_harden )) if build_tuple.match( '*-*-darwin*' ) and options.cross is None: doc.add( 'FEATURE.xcode', int( not (Tools.xcodebuild.fail or options.disable_xcode) )) diff --git a/make/include/gcc.defs b/make/include/gcc.defs index e670c8cd9..f0baf3a96 100644 --- a/make/include/gcc.defs +++ b/make/include/gcc.defs @@ -89,7 +89,7 @@ GCC.args.extra.exe++ = $(LDFLAGS) # If hardening is enabled -D_FORTIFY_SOURCE=2 adds compile-time protection and run-time # checking against static sized buffer overflow flaws. -fstack-protector-strong enables # stack canaries to detect stack buffer overflows (stack overwrites). -ifeq (1,$(HOST.harden)) +ifeq (1,$(SECURITY.harden)) GCC.args.extra += $(CFLAGS) $(CXXFLAGS) $(CPPFLAGS) -fstack-protector-strong -D_FORTIFY_SOURCE=2 GCC.args.extra.exe += -fstack-protector-strong endif |