summaryrefslogtreecommitdiffstats
path: root/src/platformsupport/eglconvenience
diff options
context:
space:
mode:
authorGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2024-03-06 16:22:12 +0100
committerGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2024-03-19 02:52:43 +0100
commit9ff1e6d80bbd5b44b9ec4c0a837d9a4c962698e4 (patch)
tree1f56b9784ffd0a5bcc0bc7e7bbf2e962155f0b02 /src/platformsupport/eglconvenience
parenta89a916377f774ea55b43afc56cb89070097883f (diff)
Add hardening build optionsHEADdev
This commit enables hardened-specific checks and codegen, inspired by GCC 14's -fhardened command line switch and LLVM/libc++'s hardened modes. We enable (depending on compiler capabilities): * -ftrivial-auto-var-init=pattern; * -fstack-protector-strong; * -fstack-clash-protection; * -fcf-protection=full or /CETCOMPAT; * -D_FORTIFY_SOURCE=3 or 2 on Glibc, depending on the Glibc version, provided that some optimization level is enabled (release build or optimized debug build); * on libstdc++, -D_GLIBCXX_ASSERTIONS; * on libc++, -D_LIBCPP_HARDENING_MODE set to _LIBCPP_HARDENING_MODE_EXTENSIVE in debug and to _LIBCPP_HARDENING_MODE_FAST in release (_DEBUG is too slow); * -Wl,-z,relro,-z,now. This aligns us 100% with -fhardened (we already pass -fPIE and -pie anyhow). Some Linux distributions already ship GCC/Clang with some of these options enabled by default. The check for Intel CET has been amended to always test if the compiler supports the corresponding flag; and, if so, enable the feature. Before, it was behind a configure option and the test only checked if the compiler had CET support automatically active (the test didn't pass -fcf-protection to the compiler). The check for -fstack-protector-strong has been made general (rather than QNX-specific). We don't support QNX < 7 anyhow. Finally, the qt_config_linker_supports_flag_test test has been amended to also support MSVC. All of the hardening options are enabled by default. [ChangeLog][Build System] Qt builds by default in "hardened mode", meaning that a series of security-related compiler options are automatically enabled. In the unlikely case in which these options constitute an unacceptable performance hit, it is possible to disable individual hardening options when configuring Qt. Change-Id: I2c026b0438010ad10d5e7b1136fedf4ae3af8822 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/platformsupport/eglconvenience')
0 files changed, 0 insertions, 0 deletions