[Openvas-commits] r9531 - in trunk/openvas-libraries: . base hg misc nasl omp

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Nov 26 11:05:14 CET 2010 

Author: mwiegand
Date: 2010-11-26 11:05:13 +0100 (Fri, 26 Nov 2010)
New Revision: 9531

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/base/CMakeLists.txt
   trunk/openvas-libraries/hg/CMakeLists.txt
   trunk/openvas-libraries/misc/CMakeLists.txt
   trunk/openvas-libraries/nasl/CMakeLists.txt
   trunk/openvas-libraries/omp/CMakeLists.txt
Log:
* base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt,
  nasl/CMakeLists.txt, omp/CMakeLists.txt: Add a collection of code
  hardening flags to CMAKE_C_FLAGS, inspired by hardening-wrapper on
  Debian.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2010-11-26 10:00:10 UTC (rev 9530)
+++ trunk/openvas-libraries/ChangeLog	2010-11-26 10:05:13 UTC (rev 9531)
@@ -1,5 +1,12 @@
 2010-11-26  Michael Wiegand <michael.wiegand at greenbone.net>
 
+	* base/CMakeLists.txt, hg/CMakeLists.txt, misc/CMakeLists.txt,
+	nasl/CMakeLists.txt, omp/CMakeLists.txt: Add a collection of code
+	hardening flags to CMAKE_C_FLAGS, inspired by hardening-wrapper on
+	Debian.
+
+2010-11-26  Michael Wiegand <michael.wiegand at greenbone.net>
+
 	* nasl/nasl_cmd_exec.c (nasl_fwrite): Check return value of call to
 	ftruncate () and report an error if the call failed.
 

Modified: trunk/openvas-libraries/base/CMakeLists.txt
===================================================================
--- trunk/openvas-libraries/base/CMakeLists.txt	2010-11-26 10:00:10 UTC (rev 9530)
+++ trunk/openvas-libraries/base/CMakeLists.txt	2010-11-26 10:05:13 UTC (rev 9531)
@@ -138,9 +138,11 @@
 
 ## Library
 
+set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
+
 if (NOT MINGW)
   set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG}")
-  set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} -Wall -Werror -fPIC")
+  set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -Werror -fPIC")
 endif (NOT MINGW)
 
 if (MINGW)

Modified: trunk/openvas-libraries/hg/CMakeLists.txt
===================================================================
--- trunk/openvas-libraries/hg/CMakeLists.txt	2010-11-26 10:00:10 UTC (rev 9530)
+++ trunk/openvas-libraries/hg/CMakeLists.txt	2010-11-26 10:05:13 UTC (rev 9531)
@@ -135,9 +135,10 @@
 include_directories(../misc)
 
 # Library
+set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
 
 set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG}")
-set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} -Wall -Werror -fPIC")
+set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -Werror -fPIC")
 
 set (FILES hg_add_hosts.c hg_debug.c hg_dns_axfr.c hg_filter.c hg_subnet.c 
            hg_utils.c hosts_gatherer.c)

Modified: trunk/openvas-libraries/misc/CMakeLists.txt
===================================================================
--- trunk/openvas-libraries/misc/CMakeLists.txt	2010-11-26 10:00:10 UTC (rev 9530)
+++ trunk/openvas-libraries/misc/CMakeLists.txt	2010-11-26 10:05:13 UTC (rev 9531)
@@ -175,8 +175,10 @@
 
 # Library
 
+set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
+
 set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG}")
-set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} -Wall -Werror -fPIC")
+set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -Werror -fPIC")
 
 if (MINGW)
   set (FILES openvas_auth.c openvas_server.c proctitle.c)

Modified: trunk/openvas-libraries/nasl/CMakeLists.txt
===================================================================
--- trunk/openvas-libraries/nasl/CMakeLists.txt	2010-11-26 10:00:10 UTC (rev 9530)
+++ trunk/openvas-libraries/nasl/CMakeLists.txt	2010-11-26 10:05:13 UTC (rev 9531)
@@ -142,9 +142,11 @@
 
 ## Library
 
+set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
+
 set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG}")
 # The "-D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1" is necessary for GPGME!
-set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} -Wall -Werror -D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1")
+set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -Werror -D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1")
 
 
 ## Compile the parser - note that there are (better) CMake macros to achieve

Modified: trunk/openvas-libraries/omp/CMakeLists.txt
===================================================================
--- trunk/openvas-libraries/omp/CMakeLists.txt	2010-11-26 10:00:10 UTC (rev 9530)
+++ trunk/openvas-libraries/omp/CMakeLists.txt	2010-11-26 10:05:13 UTC (rev 9531)
@@ -133,8 +133,10 @@
 
 ## Library
 
+set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
+
 set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG}")
-set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} -Wall -Werror")
+set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -Werror")
 
 set (FILES xml.c omp.c)

More information about the Openvas-commits mailing list