From 4e57e23833fa93627e6e54e2df069775e99244fc Mon Sep 17 00:00:00 2001
From: Philip Kaufmann <phil.kaufmann@t-online.de>
Date: Sat, 5 Oct 2013 13:02:47 +0200
Subject: [PATCH 1/2] enable full GCC Stack-smashing protection for all OSes

- change our hardening options to use -fstack-protector-all even for
  Windows builds, as we recently switched to a newer compiler suite
- also removes an obsolete workaround for GCC 4.5
  (https://bugs.launchpad.net/ubuntu/+source/gcc-4.5/+bug/691722), which
  required to first set -fno-stack-protector, before -fstack-protector-all
---
 configure.ac | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 973f4398d..e29ec1550 100644
--- a/configure.ac
+++ b/configure.ac
@@ -284,6 +284,7 @@ AX_CHECK_LINK_FLAG([[-Wl,--large-address-aware]], [LDFLAGS="$LDFLAGS -Wl,--large
 
 if test x$use_hardening != xno; then
   AX_CHECK_COMPILE_FLAG([-Wstack-protector],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -Wstack-protector"])
+  AX_CHECK_COMPILE_FLAG([-fstack-protector-all],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fstack-protector-all"])
   AX_CHECK_COMPILE_FLAG([-fPIE],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fPIE"])
 
   AX_CHECK_PREPROC_FLAG([-D_FORTIFY_SOURCE=2],[
@@ -299,10 +300,6 @@ if test x$use_hardening != xno; then
   AX_CHECK_LINK_FLAG([[-Wl,-z,now]], [LDFLAGS="-Wl,-z,now"])
 
   if test x$TARGET_OS != xwindows; then
-    # -fstack-protector-all can produce broken binaries with mingw
-    AX_CHECK_COMPILE_FLAG([-fno-stack-protector],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fno-stack-protector"])
-    AX_CHECK_COMPILE_FLAG([-fstack-protector-all],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fstack-protector-all"])
-
     # -pie will link successfully with MinGW, but it's unsupported and leads to undeterministic binaries
     AX_CHECK_LINK_FLAG([[-pie]], [HARDENED_LDFLAGS="$HARDENED_LDFLAGS -pie"])
   fi

From 6ac0b3be2d5c5277805c16b56ee5b2e59ba9e84c Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Wed, 22 Jan 2014 08:44:24 +0100
Subject: [PATCH 2/2] build: Add -static for mingw builds

This avoids a dependency on libssp-0.dll when built with
-fstack-protector-all.
---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure.ac b/configure.ac
index e29ec1550..e2eded84e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -175,6 +175,7 @@ case $host in
      AC_CHECK_LIB([iphlpapi],      [main],, AC_MSG_ERROR(lib missing))
      AC_CHECK_LIB([crypt32],      [main],, AC_MSG_ERROR(lib missing))
 
+     AX_CHECK_LINK_FLAG([[-static]],[LDFLAGS="$LDFLAGS -static"])
      AX_CHECK_LINK_FLAG([[-static-libgcc]],[LDFLAGS="$LDFLAGS -static-libgcc"])
      AX_CHECK_LINK_FLAG([[-static-libstdc++]],[LDFLAGS="$LDFLAGS -static-libstdc++"])