summary refs log tree commit diff
path: root/m4/ax_add_fortify_source.m4
diff options
context:
space:
mode:
Diffstat (limited to 'm4/ax_add_fortify_source.m4')
-rw-r--r--m4/ax_add_fortify_source.m480
1 files changed, 80 insertions, 0 deletions
diff --git a/m4/ax_add_fortify_source.m4 b/m4/ax_add_fortify_source.m4
new file mode 100644
index 0000000..7e15312
--- /dev/null
+++ b/m4/ax_add_fortify_source.m4
@@ -0,0 +1,80 @@
+# ===========================================================================
+#  https://www.gnu.org/software/autoconf-archive/ax_add_fortify_source.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_ADD_FORTIFY_SOURCE
+#
+# DESCRIPTION
+#
+#   Check whether -D_FORTIFY_SOURCE=2 can be added to CPPFLAGS without macro
+#   redefinition warnings, other cpp warnings or linker. Some distributions
+#   (such as Gentoo Linux) enable _FORTIFY_SOURCE globally in their
+#   compilers, leading to unnecessary warnings in the form of
+#
+#     <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
+#     <built-in>: note: this is the location of the previous definition
+#
+#   which is a problem if -Werror is enabled. This macro checks whether
+#   _FORTIFY_SOURCE is already defined, and if not, adds -D_FORTIFY_SOURCE=2
+#   to CPPFLAGS.
+#
+#   Newer mingw-w64 msys2 package comes with a bug in
+#   headers-git-7.0.0.5546.d200317d-1. It broke -D_FORTIFY_SOURCE support,
+#   and would need -lssp or -fstack-protector.  See
+#   https://github.com/msys2/MINGW-packages/issues/5803. Try to actually
+#   link it.
+#
+# LICENSE
+#
+#   Copyright (c) 2017 David Seifert <soap@gentoo.org>
+#   Copyright (c) 2019 Reini Urban <rurban@cpan.org>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved.  This file is offered as-is, without any
+#   warranty.
+
+#serial 4
+
+AC_DEFUN([AX_ADD_FORTIFY_SOURCE],[
+    ac_save_cflags=$CFLAGS
+    ac_cwerror_flag=yes
+    AX_CHECK_COMPILE_FLAG([-Werror],[CFLAGS="$CFLAGS -Werror"])
+    AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS])
+    AC_LINK_IFELSE([
+        AC_LANG_PROGRAM([],
+            [[
+                #ifndef _FORTIFY_SOURCE
+                    return 0;
+                #else
+                    this_is_an_error;
+                #endif
+            ]]
+        )],
+        AC_LINK_IFELSE([
+            AC_LANG_SOURCE([[
+                #define _FORTIFY_SOURCE 2
+                #include <string.h>
+                int main() {
+                    char *s = " ";
+                    strcpy(s, "x");
+                    return strlen(s)-1;
+                }
+              ]]
+            )],
+            [
+              AC_MSG_RESULT([yes])
+              CFLAGS=$ac_save_cflags
+              CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+            ], [
+              AC_MSG_RESULT([no])
+              CFLAGS=$ac_save_cflags
+            ],
+        ),
+        [
+          AC_MSG_RESULT([no])
+          CFLAGS=$ac_save_cflags
+        ])
+])
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-22 12:13:59 +0000
it_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-12ui-shared: URL-escape script_nameJohn Keeping As far as I know, there is no requirement that $SCRIPT_NAME contain only URL-safe characters, so we need to make sure that any special characters are escaped. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-12ui-refs: escape HTML chars in author and tagger namesJohn Keeping Everywhere else we use html_txt to escape any special characters in these variables. Do so here as well. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-12filter: pass extra arguments via cgit_open_filterJohn Keeping This avoids poking into the filter data structure at various points in the code. We rely on the fact that the number of arguments is fixed based on the filter type (set in cgit_new_filter) and that the call sites all know which filter type they're using. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-12ui-snapshot: set unused cgit_filter fields to zeroJohn Keeping By switching the assignment of fields in the cgit_filter structure to use designated initializers, the compiler will initialize all other fields to their default value. This will be needed when we add the extra_args field in the next patch. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-12html: remove redundant htmlfd variableJohn Keeping This is never changed from STDOUT_FILENO, so just use that value directly. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-12tests: add Valgrind supportJohn Keeping Now running tests with the "--valgrind" option will run cgit under Valgrind instead of all Git commands. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-12cache: don't leave cache_slot fields uninitializedJohn Keeping Valgrind says: ==18344== Conditional jump or move depends on uninitialised value(s) ==18344== at 0x406C83: open_slot (cache.c:63) ==18344== by 0x407478: cache_ls (cache.c:403) ==18344== by 0x404C9A: process_request (cgit.c:639) ==18344== by 0x406BD2: fill_slot (cache.c:190) ==18344== by 0x4071A0: cache_process (cache.c:284) ==18344== by 0x404461: main (cgit.c:952) ==18344== Uninitialised value was created by a stack allocation ==18344== at 0x40738B: cache_ls (cache.c:375) This is caused by the keylen field being used to calculate whether or not a slot is matched. We never then check the value of this and the length of data read depends on the key length read from the file so this isn't dangerous, but it's nice to avoid branching based on uninitialized data. Signed-off-by: John Keeping <john@keeping.me.uk> 2014-01-10filter: split filter functions into their own fileJason A. Donenfeld A first step for more interesting things. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-10filter: make exit status localJason A. Donenfeld It's only used in one place, and not useful to have around since close_filter will die() if exit_status isn't what it expects, anyway. So this is best as just a local variable instead of as part of the struct. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-10parsing: fix header typoJason A. Donenfeld 2014-01-10cgit.c: Fix comment on bit mask hackLukas Fleischer * Formatting and spelling fixes. * A bit mask with the size of one byte only allows for storing 8 (not 255!) different flags. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-10cgit.c: Use "else" for mutually exclusive branchesLukas Fleischer When parsing command line arguments, no pair of command line options can ever match simultaneously. Use "else if" blocks to reflect this. This change improves both readability and speed. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-10ui-snapshot.c: Do not reinvent suffixcmp()Lukas Fleischer Use suffixcmp() from Git instead of reimplementing it. This is a preparation for moving to ends_with() in Git 1.8.6. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-10Refactor cgit_parse_snapshots_mask()Lukas Fleischer Use Git string lists instead of str{spn,cspn,ncmp}() magic. This significantly improves readability. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-10Disallow use of undocumented snapshot delimitersLukas Fleischer Since the introduction of selective snapshot format configuration in dc3c9b5 (allow selective enabling of snapshots, 2007-07-21), we allowed seven different delimiters for snapshot formats, while the documentation has always been clear about spaces being the only valid delimiter: The value is a space-separated list of zero or more of the values "tar", "tar.gz", "tar.bz2", "tar.xz" and "zip". Supporting the undocumented delimiters makes the code unnecessarily complex. Remove them. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-10Replace most uses of strncmp() with prefixcmp()Lukas Fleischer This is a preparation for replacing all prefix checks with either strip_prefix() or starts_with() when Git 1.8.6 is released. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-09README: Fix dependenciesLukas Fleischer * Remove the dependency on Git (which can be obtained automatically when building, using either the Git submodule or `make get-git`). * Use proper upstream names of dependencies. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-08README: Spelling and formatting fixesLukas Fleischer * Several small spelling and capitalization fixes. * Use consistent and better-looking formatting that is compatible with AsciiDoc (and partly compatible with RST). Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-08Fix UTF-8 with syntax-highlighting.pyPřemysl Janouch Previously the script tried to encode output from Pygments with the ASCII codec, which failed. Signed-off-by: Přemysl Janouch <p.janouch@gmail.com> 2014-01-08Add a suggestion to the manpagePřemysl Janouch So that people wishing to use "enable-http-clone" don't have to find out the correct settings on their own. Signed-off-by: Přemysl Janouch <p.janouch@gmail.com> 2014-01-08Fix the example configurationPřemysl Janouch "enable-git-clone" doesn't exist, replaced with "enable-http-clone". Signed-off-by: Přemysl Janouch <p.janouch@gmail.com> 2014-01-08Fix about-formatting.shPřemysl Janouch dash failed to parse the script. Signed-off-by: Přemysl Janouch <p.janouch@gmail.com> 2014-01-08Fix some spelling errorsPřemysl Janouch Signed-off-by: Přemysl Janouch <p.janouch@gmail.com> 2014-01-08filters: highlight.sh: add css comments for highlight 2.6 and 3.8Ferry Huberts