libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit 86832243cf904b0bbae31471874b7abdf90e49d0
parent 5a2872c15f0fd2ceebdb8b5f959021698ddb44f0
Author: ng0 <ng0@n0.is>
Date:   Sun, 18 Aug 2019 10:18:58 +0000

Merge remote-tracking branch 'origin/master' into dev/ng0/gsoc2019

Diffstat:

MChangeLog | 6+++++-


Mconfigure.ac | 30+++++++++++++++++++++++++++++-


2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
@@ -1,4 +1,4 @@
-Fri 02 Aug 2019 00:00:00 PM UTC
+Fri 18 Aug 2019 00:00:00 PM UTC
     Fixes and optimizations for the setsockopt handling:
     * Added: MHD_UPGRADE_ACTION_CORK_ON and MHD_UPGRADE_ACTION_CORK_OFF
       to enum MHD_UpgradeAction (turn corking on/off on the underlying
@@ -9,6 +9,10 @@ Fri 02 Aug 2019 00:00:00 PM UTC
       this adds selective usage of MSG_MORE, NODELAY, TCP_NOPUSH,
       TCP_CORK. -ng0
 
+Fri 09 Aug 2019 10:07:27 AM CEST
+    Copy compiler and linker hardening flags from GNUnet (updating
+    configure.ac). -CG
+
 Thu 01 Aug 2019 01:23:36 PM CEST
     Releasing libmicrohttpd 0.9.66. -CG
 
diff --git a/configure.ac b/configure.ac
@@ -81,6 +81,34 @@ AM_CONDITIONAL([HAVE_PO], [ test "$have_po" = yes ])
 
 
 
+
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+   AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[AS_IF([test x$enableval = xyes],[
+    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+    CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+    LDFLAGS="$LDFLAGS -pie"
+ ])])
+
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+  AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+[AS_IF([test x$enableval = xyes],
+   [LDFLAGS="$LDFLAGS -z relro -z now"])])
+
+
+AC_ARG_ENABLE(sanitizer,
+  AS_HELP_STRING(--enable-sanitizer, enable Address Sanitizer and Undefined Behavior Sanitizer),
+[AS_IF([test x$enableval = xyes],[
+   LDFLAGS="$CFLAGS -fsanitize=address,undefined -fno-omit-frame-pointer"
+ ])])
+
+
+
 # Workaround for libgcrypt
 AS_IF([[test "x$lt_sysroot" != "x" && test "x$SYSROOT" = "x"]], [[SYSROOT="$lt_sysroot"]])
 
@@ -812,7 +840,7 @@ AC_INCLUDES_DEFAULT
   ]
 )
 
-AC_CHECK_MEMBERS([struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len, 
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len,
                   struct sockaddr_storage.ss_len],
    [], [],
    [