Displaying 3 results from an estimated 3 matches for "use_toolchain_hardening".
2018 Feb 05
2
add Spectre variant 2 mitigations
...100644
--- a/configure.ac
+++ b/configure.ac
@@ -163,6 +163,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
if test "x$use_toolchain_hardening" = "x1"; then
+ OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
+ OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
+ OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
+ OSSH_CHECK_CFLAG_LINK([-z retpolineplt]) # clang
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])...
2023 Jun 17
2
[PATCH] ssh-agent: add systemd socket-based activation
...d=no
+AC_ARG_WITH([systemd],
+ [ --with-systemd Enable use of systemd socket-based activation ],
+ [ if test "x$withval" = "xyes" ; then
+ systemd=yes
+ AC_DEFINE([WITH_SYSTEMD], [1], [enable systemd socket-based activation])
+ fi
+ ]
+)
+
use_stack_protector=1
use_toolchain_hardening=1
AC_ARG_WITH([stackprotect],
@@ -3376,6 +3386,18 @@ AC_CHECK_LIB([crypt], [crypt], [
AC_CHECK_FUNCS([crypt])
LIBS="$saved_LIBS"
+if test "x$systemd" == "xyes" ; then
+ # Check for sd_listen_fds in libsystemd for socket activation
+ saved_LIBS="$LIBS"
+...
2018 Jun 07
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
...-lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv
/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'
/usr/bin/ld: use the --help option for usage information
make: *** [Makefile:172: ssh] Error 1
The ldflags check originates in
cat configure.ac
...
164 if test "x$use_toolchain_hardening" = "x1"; then
OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
!! OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
OSSH_CHECK_CFLAG_COMPILE([-D_FORT...