Merge pull request #1856 from Diapolo/stack-protector_nonWindows

Bitcoin-Qt: expand GCC Stack-Smashing Protector usage (non Windows)
This commit is contained in:
Wladimir J. van der Laan 2012-09-25 01:41:38 -07:00
commit 6a34def27e

View file

@ -30,6 +30,13 @@ contains(RELEASE, 1) {
} }
} }
!win32 {
# for extra security against potential buffer overflows: enable GCCs Stack Smashing Protection
QMAKE_CXXFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable!
# This can be enabled for Windows, when we switch to MinGW >= 4.4.x.
}
# for extra security on Windows: enable ASLR and DEP via GCC linker flags # for extra security on Windows: enable ASLR and DEP via GCC linker flags
win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat
@ -82,12 +89,6 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
QTPLUGIN += qcncodecs qjpcodecs qtwcodecs qkrcodecs qtaccessiblewidgets QTPLUGIN += qcncodecs qjpcodecs qtwcodecs qkrcodecs qtaccessiblewidgets
} }
!windows {
# for extra security against potential buffer overflows
QMAKE_CXXFLAGS += -fstack-protector
QMAKE_LFLAGS += -fstack-protector
# do not enable this on windows cross compile with mingw 4.2.x, as it will result in a non-working executable!
}
# regenerate src/build.h # regenerate src/build.h
!windows|contains(USE_BUILD_INFO, 1) { !windows|contains(USE_BUILD_INFO, 1) {
@ -99,7 +100,7 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
DEFINES += HAVE_BUILD_INFO DEFINES += HAVE_BUILD_INFO
} }
QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -Wstack-protector
# Input # Input
DEPENDPATH += src src/json src/qt DEPENDPATH += src src/json src/qt