configure: Test for _FORTIFY_SOURCE=3 support.
Commit Message
_FORTIFY_SOURCE=3 adds extra glibc (dynamic) fortification checks
when using GCC 12.
This adds a configure check to see if -D_FORTIFY_SOURCE=3 can be used.
If not, configure will fall back to -D_FORTIFY_SOURCE=2.
On some older glibc versions (glibc 2.17) using -D_FORTIFY_SOURCE=3
provides the same fortification as _FORTIFY_SOURCE=2. On some newer
glibc versions and older GCC (glibc 2.34 amd gcc 11) using
-D_FORTIFY_SOURCE=3 produces a not supported warning (and we fall
back to -D_FORTIFY_SOURCE=2). With newer glibc and newer GCC versions
(glibc 2.35 and gcc 12) -D_FORTIFY_SOURCE=3 will use the newer dynamic
fortification checks.
This patch also makes sure that AC_PROG_CXX is used earlier so that
CXXFLAGS is always setup correctly (even if we then don't use it).
And it outputs both the CFLAGS and CXXFLAGS as used at the end.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
https://code.wildebeest.org/git/user/mjw/elfutils/commit/?h=_FORTIFY_SOURCE3
ChangeLog | 6 ++++++
configure.ac | 37 +++++++++++++++++++++++++++----------
2 files changed, 33 insertions(+), 10 deletions(-)
Comments
Hi,
On Thu, 2022-03-10 at 18:06 +0100, Mark Wielaard wrote:
> _FORTIFY_SOURCE=3 adds extra glibc (dynamic) fortification checks
> when using GCC 12.
>
> This adds a configure check to see if -D_FORTIFY_SOURCE=3 can be
> used.
> If not, configure will fall back to -D_FORTIFY_SOURCE=2.
>
> On some older glibc versions (glibc 2.17) using -D_FORTIFY_SOURCE=3
> provides the same fortification as _FORTIFY_SOURCE=2. On some newer
> glibc versions and older GCC (glibc 2.34 amd gcc 11) using
> -D_FORTIFY_SOURCE=3 produces a not supported warning (and we fall
> back to -D_FORTIFY_SOURCE=2). With newer glibc and newer GCC versions
> (glibc 2.35 and gcc 12) -D_FORTIFY_SOURCE=3 will use the newer
> dynamic
> fortification checks.
>
> This patch also makes sure that AC_PROG_CXX is used earlier so that
> CXXFLAGS is always setup correctly (even if we then don't use it).
> And it outputs both the CFLAGS and CXXFLAGS as used at the end.
Pushed.
Cheers,
Mark
@@ -1,3 +1,9 @@
+2022-03-10 Mark Wielaard <mark@klomp.org>
+
+ * configure.ac: Move AC_PROG_CXX earlier. Check for both
+ -D_FORTIFY_SOURCE=3 and -D_FORTIFY_SOURCE=2 support. Also
+ set CXXFLAGS. Output final CFLAGS and CXXFLAGS setting.
+
2021-12-04 Mark Wielaard <mark@klomp.org>
* configure.ac: Add --enable-sanitize-address.
@@ -2,6 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
dnl Configure input file for elfutils. -*-autoconf-*-
dnl
dnl Copyright (C) 1996-2019 Red Hat, Inc.
+dnl Copyright (C) 2022 Mark J. Wielaard <mark@klomp.org>
dnl
dnl This file is part of elfutils.
dnl
@@ -88,6 +89,7 @@ AS_IF([test "$use_locks" = yes],
AH_TEMPLATE([USE_LOCKS], [Defined if libraries should be thread-safe.])
AC_PROG_CC_C99
+AC_PROG_CXX
AC_PROG_RANLIB
AC_PROG_YACC
AM_PROG_LEX
@@ -231,25 +233,38 @@ AC_CACHE_CHECK([whether fts.h is bad when included (with LFS)], ac_cv_bad_fts,
AS_IF([test "x$ac_cv_bad_fts" = "xyes"],
[CFLAGS="$CFLAGS -DBAD_FTS=1" CXXFLAGS="$CXXFLAGS -DBAD_FTS=1"])
-# See if we can add -D_FORTIFY_SOURCE=2. Don't do it if it is already
+# See if we can add -D_FORTIFY_SOURCE=2 or =3. Don't do it if it is already
# (differently) defined or if it generates warnings/errors because we
# don't use the right optimisation level (string.h will warn about that).
-AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CFLAGS])
+AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 or =3 to CFLAGS])
case "$CFLAGS" in
- *-D_FORTIFY_SOURCE=2*)
+ *-D_FORTIFY_SOURCE=*)
AC_MSG_RESULT([no, already there])
;;
*)
save_CFLAGS="$CFLAGS"
- CFLAGS="-D_FORTIFY_SOURCE=2 $CFLAGS -Werror"
+ # Try 3 first.
+ CFLAGS="-D_FORTIFY_SOURCE=3 $save_CFLAGS -Werror"
+ fortified_cflags=""
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#include <string.h>
int main() { return 0; }
- ]])], [ AC_MSG_RESULT([yes])
- CFLAGS="-D_FORTIFY_SOURCE=2 $save_CFLAGS" ],
- [ AC_MSG_RESULT([no])
- CFLAGS="$save_CFLAGS"])
- ;;
+ ]])], [ AC_MSG_RESULT([yes -D_FORTIFY_SOURCE=3])
+ fortified_cflags="-D_FORTIFY_SOURCE=3" ], [])
+
+ # If that didn't work, try 2.
+ if test -z "$fortified_cflags"; then
+ CFLAGS="-D_FORTIFY_SOURCE=2 $save_CFLAGS -Werror"
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ #include <string.h>
+ int main() { return 0; }
+ ]])], [ AC_MSG_RESULT([yes -D_FORTIFY_SOURCE=2])
+ fortified_cflags="-D_FORTIFY_SOURCE=2" ],
+ [ AC_MSG_RESULT([no, cannot be used])])
+ fi
+ CFLAGS="$fortified_cflags $save_CFLAGS"
+ CXXFLAGS="$fortified_cflags $CXXFLAGS"
+ ;;
esac
dnl enable debugging of branch prediction.
@@ -757,7 +772,6 @@ AM_CONDITIONAL([DUMMY_LIBDEBUGINFOD],[test "x$enable_libdebuginfod" = "xdummy"])
# Look for libmicrohttpd, libarchive, sqlite for debuginfo server
# minimum versions as per rhel7.
AC_ARG_ENABLE([debuginfod],AC_HELP_STRING([--enable-debuginfod], [Build debuginfod server]))
-AC_PROG_CXX
AS_IF([test "x$enable_debuginfod" != "xno"], [
AC_MSG_NOTICE([checking debuginfod C++11 support, --disable-debuginfod to skip])
AX_CXX_COMPILE_STDCXX(11, noext, mandatory)
@@ -804,6 +818,9 @@ AC_MSG_NOTICE([
Maintainer mode : ${enable_maintainer_mode}
build arch : ${ac_cv_build}
+ CFLAGS=${CFLAGS}
+ CXXFLAGS=${CXXFLAGS}
+
RECOMMENDED FEATURES (should all be yes)
gzip support : ${with_zlib}
bzip2 support : ${with_bzlib}