commit b1f9824464dcaf998623be0a807678096c10feac parent 1015cda6ede368cd50f8d1c360eac4e358f0cd9f Author: David Goulet <dgoulet@torproject.org> Date: Tue, 7 Oct 2025 15:02:08 -0400 Merge branch 'maint-0.4.8' Diffstat:
| A | changes/gcc-fcf | | | 3 | +++ |
| M | configure.ac | | | 9 | +++++++++ |
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/changes/gcc-fcf b/changes/gcc-fcf
@@ -0,0 +1,3 @@
+ o Minor feature (compiler flag):
+ - Add -fcf-protection=full if supported by the compiler. Fixes 41139.
+
diff --git a/configure.ac b/configure.ac
@@ -1496,6 +1496,15 @@
 dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
 dnl code will work.
 TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
+# From https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html:
+#
+# Enable code instrumentation to increase program security by checking that
+# target addresses of control-flow transfer instructions are valid. This
+# prevents diverting the flow of control to an unexpected target. This is
+# intended to protect against such threats as Return-oriented Programming
+# (ROP), and similarly call/jmp-oriented programming (COP/JOP).
+TOR_CHECK_CFLAGS(-fcf-protection=full)
+
 
 dnl ============================================================
 dnl Check for libseccomp
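Review bot: The quoted GCC text above `TOR_CHECK_CFLAGS(-fcf-protection=full)` reads as if the flag alone prevents ROP/JOP, but it only emits CET instrumentation on x86. Enforcement also needs CET-capable hardware, OS support, and every object linked into the binary to carry the CET note; otherwise GNU ld by default drops the property without a diagnostic. I would add a caveat after the quote, e.g. `# Note: x86 only; effective only if all linked objects are CET-marked and the CPU/kernel enforce it.` It would also be worth checking a release build with `readelf -n` for the IBT/SHSTK properties, since hand-written assembly or static third-party libraries (if any are linked) are the usual reason they go missing. As a style point, the new comment uses `#` where the surrounding lines use `dnl`, so it is copied into the generated configure script; `dnl` would match the file.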