From 379e19a21ba6937215bcd3eb9db8d5d54c286eae Mon Sep 17 00:00:00 2001
From: Sebastian Harl <sh@tokkee.org>
Date: Thu, 15 Oct 2009 23:59:26 +0200
Subject: [PATCH] configure.ac: Added --disable-hardening command line option.

This option may be used to disable harding options (enabled by default).
---
 configure.ac | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/configure.ac b/configure.ac
index e0fd5db..d3f05aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,6 +61,36 @@ if test "x$enable_standards" = "xyes"; then
 	done
 fi
 
+dnl Hardening (see e.g. http://wiki.debian.org/Hardening for a motivation).
+AC_DEFINE([_FORTIFY_SOURCE], 2,
+		[Define to enable protection against static sized buffer overflows.])
+AC_ARG_ENABLE([hardening],
+		AS_HELP_STRING([--disable-hardening],
+				[Disable hardening options]),
+		[enable_hardening="$enableval"],
+		[enable_hardening="yes"])
+
+if test "x$enable_hardening" = "xyes"; then
+	hardening=0
+	hardening_tests=0
+	for flag in -Wformat -Wformat-security; do
+		hardening_tests=$(($hardening_tests + 1))
+		AC_MSG_CHECKING([whether $CC accepts $flag])
+
+		if test_cc_flags $flag; then
+			CFLAGS="$CFLAGS $flag"
+			hardening=$(($hardening + 1))
+			AC_MSG_RESULT([yes])
+		else
+			AC_MSG_RESULT([no])
+		fi
+	done
+	if test $hardening -ne $hardening_tests; then
+		AC_MSG_WARN(
+				[Some hardening options are not supported by your compiler!])
+	fi
+fi
+
 for flag in -Wall -Wextra -Werror; do
 	AC_MSG_CHECKING([whether $CC accepts $flag])
 
-- 
2.30.2