From: Brian Aker Date: Wed, 5 Sep 2012 05:20:56 +0000 (-0400) Subject: Update hardening rules. X-Git-Tag: 1.0.11~6 X-Git-Url: https://git.m6w6.name/?a=commitdiff_plain;h=535cb0763dff986a148356bf58dd91f15ad8ed39;p=m6w6%2Flibmemcached Update hardening rules. --- diff --git a/.bzrignore b/.bzrignore index 6e70eae1..ca98e6ef 100644 --- a/.bzrignore +++ b/.bzrignore @@ -150,3 +150,4 @@ tests/testudp tests/var/ tmp_chroot unittests/unittests +m4/.git diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index 65cfdf5f..2b061201 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -8,7 +8,7 @@ # # DESCRIPTION # -# Any compiler flag that "hardens" or tests code. +# Any compiler flag that "hardens" or tests code. C99 is assumed. # # NOTE: Implementation based on AX_APPEND_FLAG. # @@ -45,11 +45,28 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# The Following flags are not checked for +# -Wdeclaration-after-statement is counter to C99 + #serial 1 AC_DEFUN([AX_HARDEN_COMPILER_FLAGS], [AC_REQUIRE([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_CHECK_LINK_FLAG]) +AC_LANG_PUSH([C]) +AX_APPEND_COMPILE_FLAGS([-O2]) +AX_APPEND_COMPILE_FLAGS([-Werror]) +AX_APPEND_COMPILE_FLAGS([-Wall]) +AX_APPEND_COMPILE_FLAGS([-Wextra]) +AX_APPEND_COMPILE_FLAGS([-std=c99]) +AX_APPEND_COMPILE_FLAGS([-Wbad-function-cast]) +AX_APPEND_COMPILE_FLAGS([-Wmissing-prototypes]) +AX_APPEND_COMPILE_FLAGS([-Wnested-externs]) +AX_APPEND_COMPILE_FLAGS([-Wold-style-definition]) +AX_APPEND_COMPILE_FLAGS([-Woverride-init]) +AX_APPEND_COMPILE_FLAGS([-Wstrict-prototypes]) +AC_LANG_POP +AC_LANG_PUSH([C++]) AX_APPEND_COMPILE_FLAGS([-O2]) AX_APPEND_COMPILE_FLAGS([-Werror]) AX_APPEND_COMPILE_FLAGS([-Wall]) 
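Review bot: The `AC_LANG_PUSH([C])` block added in the `@@ -45,11 +45,28 @@` hunk appends only `-O2`, `-Werror`, `-std=c99` and warning flags for C, while `-D_FORTIFY_SOURCE=2`, `-Wformat=2`, `-Wstack-protector` and `-fwrapv` (visible in the later hunks) now sit between `AC_LANG_PUSH([C++])` and the new `AC_LANG_POP`. If AX_APPEND_COMPILE_FLAGS appends to the flags variable of the current language, as the stock macro does, C objects stop receiving those hardening flags after this change. I would repeat the language-neutral flags in the C block, or move them into one helper macro expanded once per language. Separately, `-Werror` now lands in the C flags that later configure probes compile with, so a probe program that trips any of these warnings is reported as "feature missing"; consider appending `-Werror` last, or only for the build. AX_HARDEN_COMPILER_FLAGS continues past this hunk, so the lines between `-Wextra` and `-D_FORTIFY_SOURCE=2` are not visible here.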
@@ -61,20 +78,18 @@ AX_APPEND_COMPILE_FLAGS([--paramssp-buffer-size=1])
 AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
 AX_APPEND_COMPILE_FLAGS([-Waddress])
 AX_APPEND_COMPILE_FLAGS([-Warray-bounds])
-AX_APPEND_COMPILE_FLAGS([-Wbad-function-cast])
 AX_APPEND_COMPILE_FLAGS([-Wchar-subscripts])
 AX_APPEND_COMPILE_FLAGS([-Wcomment])
-AX_APPEND_COMPILE_FLAGS([-Wdeclaration-after-statement])
+AX_APPEND_COMPILE_FLAGS([-Wctor-dtor-privacy])
 AX_APPEND_COMPILE_FLAGS([-Wfloat-equal])
 AX_APPEND_COMPILE_FLAGS([-Wformat=2])
+AX_APPEND_COMPILE_FLAGS([-Wlong-long])
 AX_APPEND_COMPILE_FLAGS([-Wmaybe-uninitialized])
 AX_APPEND_COMPILE_FLAGS([-Wmissing-field-initializers])
 AX_APPEND_COMPILE_FLAGS([-Wmissing-noreturn])
-AX_APPEND_COMPILE_FLAGS([-Wmissing-prototypes])
-AX_APPEND_COMPILE_FLAGS([-Wnested-externs])
+AX_APPEND_COMPILE_FLAGS([-Wnon-virtual-dtor])
 AX_APPEND_COMPILE_FLAGS([-Wnormalized=id])
-AX_APPEND_COMPILE_FLAGS([-Wold-style-definition])
-AX_APPEND_COMPILE_FLAGS([-Woverride-init])
+AX_APPEND_COMPILE_FLAGS([-Woverloaded-virtual])
 AX_APPEND_COMPILE_FLAGS([-Wpointer-arith])
 AX_APPEND_COMPILE_FLAGS([-Wredundant-decls])
 AX_APPEND_COMPILE_FLAGS([-Wshadow])
@@ -82,7 +97,6 @@ AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32])
 AX_APPEND_COMPILE_FLAGS([-Wsign-compare])
 AX_APPEND_COMPILE_FLAGS([-Wstack-protector])
 AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1])
-AX_APPEND_COMPILE_FLAGS([-Wstrict-prototypes])
 AX_APPEND_COMPILE_FLAGS([-Wswitch-enum])
 AX_APPEND_COMPILE_FLAGS([-Wundef])
 AX_APPEND_COMPILE_FLAGS([-Wunused-result])
@@ -94,4 +108,5 @@ AX_APPEND_COMPILE_FLAGS([-fwrapv])
 AX_APPEND_COMPILE_FLAGS([-ggdb])
 AX_CHECK_LINK_FLAG([-Werror])
 AX_CHECK_LINK_FLAG([-z relro -z now])
+AC_LANG_POP
 ])dnl AX_HARDEN_COMPILER_FLAGS
diff --git a/m4/ax_pthread_timedjoin_np.m4 b/m4/ax_pthread_timedjoin_np.m4
new file mode 100644
index 00000000..833b2846
--- /dev/null
+++ b/m4/ax_pthread_timedjoin_np.m4
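Review bot: In the `@@ -94,4 +108,5 @@` hunk of m4/ax_harden_compiler_flags.m4, the two `AX_CHECK_LINK_FLAG` calls that the added `AC_LANG_POP` now closes off are given no action arguments. With the stock autoconf-archive macro that only probes the flag and caches the answer, so `-z relro -z now` would never reach `LDFLAGS`; the project's copy of the macro is not on this page, so this needs confirming against it. If it behaves that way, pass the action explicitly, e.g. `AX_CHECK_LINK_FLAG([-z relro -z now], [LDFLAGS="$LDFLAGS -z relro -z now"])`, and confirm on a built binary that the dynamic section carries `BIND_NOW` and the program headers a `GNU_RELRO` segment.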
@@ -0,0 +1,48 @@
+# ===========================================================================
+# http://
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_LIB_UUID
+#
+# DESCRIPTION
+#
+# Check for pthread_timedjoin_np support.
+#
+# LICENSE
+#
+# Copyright (c) 2012 Brian Aker
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 2
+
+AC_DEFUN([AX_PTHREAD_TIMEDJOIN_NP], [
+ AC_CACHE_CHECK([check for pthread_timedjoin_np], [ax_cv_pthread_timedjoin_np], [
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$PTHREAD_LIBS"
+ AC_LANG_PUSH([C])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([
+#include
+ ], [
+ uuid_t out;
+ pthread_timedjoin_np(out);
+ ]), [ax_cv_pthread_timedjoin_np=yes ], [ax_cv_pthread_timedjoin_np=no ]
+ ])
+
+ AC_LANG_POP
+ LDFLAGS="$save_LDFLAGS"
+
+ ])
+
+ AS_IF([test "$ax_cv_pthread_timedjoin_np" = yes],[
+ AC_DEFINE(HAVE_PTHREAD_TIMEDJOIN_NP,[1],[Define if pthread_timedjoin_np is present in pthread.h.])],[
+ AC_DEFINE(HAVE_PTHREAD_TIMEDJOIN_NP,[0],[Define if pthread_timedjoin_np is present in pthread.h.])
+ ])
+])
+
diff --git a/m4/have_cinttypes.m4 b/m4/have_cinttypes.m4
index b28c74ed..bcfea1c3 100644
--- a/m4/have_cinttypes.m4
+++ b/m4/have_cinttypes.m4
@@ -1,4 +1,3 @@
-# vim:ft=m4
 # ===========================================================================
 # http://tangent.org/
 # ===========================================================================
diff --git a/m4/have_libpq.m4 b/m4/have_libpq.m4
new file mode 100644
index 00000000..5617e30c
--- /dev/null
+++ b/m4/have_libpq.m4
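Review bot: The probe in `AX_PTHREAD_TIMEDJOIN_NP` (new file m4/ax_pthread_timedjoin_np.m4) cannot report success as written: the text `AC_LANG_PROGRAM(...), [..=yes ], [..=no ]` sits entirely inside the single quoted first argument of `AC_COMPILE_IFELSE`, so the yes/no actions are never run, and the test body `uuid_t out; pthread_timedjoin_np(out);` was carried over from the uuid check and matches neither pthread types nor the function's arguments. `HAVE_PTHREAD_TIMEDJOIN_NP` therefore ends up defined to 0 on every platform, which presumably leaves any time-bounded join path guarded by it disabled. The check also sets `LDFLAGS` yet only compiles; a link test with `$PTHREAD_LIBS` in `LIBS` is what shows the symbol exists. The SYNOPSIS still reads `AX_LIB_UUID`, and the same quoting and compile-versus-link problems are present in the `AX_UUID_GENERATE_TIME_SAFE` hunk of m4/uuid.m4.

```m4
  AC_CACHE_CHECK([check for pthread_timedjoin_np], [ax_cv_pthread_timedjoin_np], [
    dnl … unchanged: AC_LANG_PUSH([C]) …
    save_LIBS="$LIBS"
    LIBS="$PTHREAD_LIBS $LIBS"
    AC_LINK_IFELSE(
      [AC_LANG_PROGRAM([[
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <pthread.h>
#include <time.h>
      ]], [[
        pthread_t thread = pthread_self();
        struct timespec ts = { 0, 0 };
        (void) pthread_timedjoin_np(thread, NULL, &ts);
      ]])],
      [ax_cv_pthread_timedjoin_np=yes],
      [ax_cv_pthread_timedjoin_np=no])
    LIBS="$save_LIBS"
    dnl … unchanged: AC_LANG_POP …
  ])
```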
@@ -0,0 +1,23 @@
+dnl Copyright (C) 2011 Brian Aker (brian@tangent.org)
+
+AC_DEFUN([AX_HAVE_LIBPQ],[
+ AC_ARG_ENABLE([libpq],
+ [AS_HELP_STRING([--disable-libpq],
+ [Build with libpq, ie Postgres, support @<:@default=on@:>@])],
+ [ac_cv_libpq="$enableval"],
+ [ac_cv_libpq="yes"])
+
+ AC_REQUIRE([AX_LIB_POSTGRESQL])
+
+ AS_IF([test "x$ac_cv_libpq" = "xyes" -a "x$found_postgresql" = "xyes"],
+ [
+ AC_DEFINE([HAVE_LIBPQ], [ 1 ], [Enable libpq support])
+ ],
+ [
+ AC_DEFINE([HAVE_LIBPQ], [ 0 ], [Enable libpq support])
+ # if --enable-libpq, but no Postgres, force --disable-libpq
+ ac_cv_libpq="no"
+ ])
+
+ AM_CONDITIONAL(HAVE_LIBPQ, [test "x$ac_cv_libpq" = "xyes"])
+])
diff --git a/m4/hiredis.m4 b/m4/hiredis.m4
new file mode 100644
index 00000000..06804178
--- /dev/null
+++ b/m4/hiredis.m4
@@ -0,0 +1,34 @@
+dnl Copyright (C) 2011 Brian Aker (brian@tangent.org)
+
+AC_DEFUN([_SEARCH_LIBHIREDIS],[
+ AC_REQUIRE([AX_CHECK_LIBRARY])
+
+ AS_IF([test "x$ac_enable_hires" = "xyes"],[
+ AX_CHECK_LIBRARY([LIBHIREDIS], [hiredis/hiredis.h], [hiredis],
+ [
+ LIBHIREDIS_LDFLAGS="-lhiredis"
+ AC_DEFINE([HAVE_HIREDIS], [1], [If Hiredis available])
+ ],
+ [
+ AC_DEFINE([HAVE_HIREDIS], [0], [If Hiredis is available])
+ ac_enable_hires="no"
+ ])
+
+ ],
+ [
+ AC_DEFINE([HAVE_HIREDIS], [0], [If Hiredis is available])
+ ])
+
+ AM_CONDITIONAL(HAVE_HIREDIS, [test "x$ac_cv_lib_hiredis_main" = "xyes"])
+ ])
+
+AC_DEFUN([AX_HAVE_LIBHIREDIS],[
+
+ AC_ARG_ENABLE([hires],
+ [AS_HELP_STRING([--disable-hires],
+ [Build with hires support @<:@default=on@:>@])],
+ [ac_enable_hires="$enableval"],
+ [ac_enable_hires="yes"])
+
+ _SEARCH_LIBHIREDIS
+])
diff --git a/m4/uuid.m4 b/m4/uuid.m4
new file mode 100644
index 00000000..9fc0cf33
--- /dev/null
+++ b/m4/uuid.m4
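Review bot: The `AS_IF` condition in `AX_HAVE_LIBPQ` (m4/have_libpq.m4) joins two comparisons with `test … -a …`, which the Autoconf manual lists as non-portable; `test "x$ac_cv_libpq" = "xyes" && test "x$found_postgresql" = "xyes"` is the safe spelling. Because both branches `AC_DEFINE` HAVE_LIBPQ (to 1 or to 0), consumers have to test it with `#if`, never `#ifdef`; a one-line comment above the macro saying so would keep a disabled backend from being compiled in by mistake. The help string for `--disable-libpq` reads "Build with libpq", which describes the opposite of what the switch does.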
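Review bot: In `_SEARCH_LIBHIREDIS` (m4/hiredis.m4) the `AM_CONDITIONAL(HAVE_HIREDIS, …)` line tests `$ac_cv_lib_hiredis_main`, a variable nothing in this file sets; unless AX_CHECK_LIBRARY, which is not shown on this page, happens to define it, the Automake conditional stays false even when the `AC_DEFINE` records hiredis as present. Keying it on the variable the macro already maintains keeps the two in agreement: `AM_CONDITIONAL(HAVE_HIREDIS, [test "x$ac_enable_hires" = "xyes"])`. The two `AC_DEFINE` descriptions differ ("If Hiredis available" and "If Hiredis is available"), and the option is named `hires` rather than `hiredis`, which is easy to misread in `configure --help`.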
@@ -0,0 +1,46 @@
+# ===========================================================================
+# http://
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_LIB_UUID
+#
+# DESCRIPTION
+#
+# Check for uuid, and uuid_generate_time_safe support.
+#
+# LICENSE
+#
+# Copyright (c) 2012 Brian Aker
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 2
+
+AC_DEFUN([AX_UUID_GENERATE_TIME_SAFE], [
+ AC_CACHE_CHECK([check for uuid_generate_time_safe], [ax_cv_uuid_generate_time_safe], [
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="-luuid"
+ AC_LANG_PUSH([C])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([
+#include
+ ], [
+ uuid_t out;
+ uuid_generate_time_safe(out);
+ ]), [ax_cv_uuid_generate_time_safe=yes ], [ax_cv_uuid_generate_time_safe=no ]
+ ])
+
+ AC_LANG_POP
+ LDFLAGS="$save_LDFLAGS"
+ ])
+
+ AS_IF([test "$ax_cv_uuid_generate_time_safe" = yes],[
+ AC_DEFINE(HAVE_UUID_GENERATE_TIME_SAFE,[1],[Define if uuid_generate_time_safe is present in uuid/uuid.h.])],[
+ AC_DEFINE(HAVE_UUID_GENERATE_TIME_SAFE,[0],[Define if uuid_generate_time_safe is present in uuid/uuid.h.])
+ ])
+])