commit ea209f884b90d1d38e6e40848a8b32f70ebd2d8b parent 2521ecc1b511f6ce4ccb9b133b18d4e7ae52cdb0 Author: David Goulet <dgoulet@torproject.org> Date: Tue, 7 Oct 2025 15:02:04 -0400 Merge branch 'tor-gitlab/mr/943' into maint-0.4.8 Diffstat:
| A | changes/gcc-fcf | | | 3 | +++ |
| M | configure.ac | | | 9 | +++++++++ |
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/changes/gcc-fcf b/changes/gcc-fcf
@@ -0,0 +1,3 @@
+ o Minor feature (compiler flag):
+ - Add -fcf-protection=full if supported by the compiler. Fixes 41139.
+
diff --git a/configure.ac b/configure.ac
@@ -1490,6 +1490,15 @@ dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
 dnl code will work.
 TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
+# From https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html:
+#
+# Enable code instrumentation to increase program security by checking that
+# target addresses of control-flow transfer instructions are valid. This
+# prevents diverting the flow of control to an unexpected target. This is
+# intended to protect against such threats as Return-oriented Programming
+# (ROP), and similarly call/jmp-oriented programming (COP/JOP).
+TOR_CHECK_CFLAGS(-fcf-protection=full)
+
 dnl ============================================================
 dnl Check for libseccomp
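Review bot: The comment above `TOR_CHECK_CFLAGS(-fcf-protection=full)` reads as if the flag alone stops ROP/JOP, but on GCC it only emits x86 CET instrumentation (landing-pad instructions and shadow-stack compatibility markings). Enforcement still needs a CET-capable CPU and an OS that enables it, and the linker keeps the IBT/SHSTK marking on the final binary only if every linked object carries it, including third-party libraries and any assembly. I would add a line such as `# Note: only effective on x86 with CET enabled by CPU and OS, and only if all linked objects are CET-marked (check with readelf -n).` so packagers do not assume coverage they may not have. The surrounding block starts outside the hunk, so it is not visible whether this check sits under the same configure switch as the project's other hardening flags; that is worth confirming so that disabling hardening also drops this flag.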