# --enable-mingw32 Use mingw32 for a Windows GUI
# --enable-static-linking Use static linking instead of dynamic linking (and not have
# to put all the .DLLs in the path or the same dir as Privoxy)
+# --disable-pcre2 Don't try to use the pcre2 library even if it's available
# --disable-pthread Use native threads instead of POSIX pthreads library
# --disable-dynamic-pcre Use the built-in, static pcre, even if libpcre is available
# --with-docbook=yes Enable docbook documentation creation
# In other words, if you set CFLAGS you need to include -O2 if you want optimization
# assume I'll set cflags below, so set O2 now
+export CPPFLAGS=""
+# start with initially empty flags
+
export LDFLAGS=""
# start with initially empty flags
-### CFLAGS="${CFLAGS} -fstack-protector-strong"
-### LDFLAGS="${LDFLAGS} -fstack-protector-strong"
-# enable stack checking. NOTE: need to specify when compiling _and_ linking
+CFLAGS="${CFLAGS} -fdiagnostics-color=always"
+# Have gcc diagnostics be in color even if stderr is not going to a terminal.
+# It's nice having warnings in color even if I run a script that does
+# 'make 2>&1 | tee log.make'
+
+CFLAGS="${CFLAGS} -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+LDFLAGS="${LDFLAGS} -fstack-protector-strong"
+# -fstack-protector-strong: enable stack checking.
+# NOTE: need to specify when compiling _and_ linking
# stack-protector-strong: better balance between security and performance.
# This flag protects more kinds of vulnerable functions than -fstack-protector does,
# but not every function, providing better performance than -fstack-protector-all.
# see : https://en.wikipedia.org/wiki/Buffer_overflow_protection
# NOTE: needs static linking or the following in the path:
# /usr/i686-w64-mingw32/sys-root/mingw/bin/libssp-0.dll
+#
+# -D_FORTIFY_SOURCE: detect some buffer overflow errors
+# ***>> requires compiler optimization level 1 or above <<***
+# see : https://gcc.gnu.org/legacy-ml/gcc-patches/2004-09/msg02055.html
+# The difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 is e.g. for
+# struct S { struct T { char buf[5]; int x; } t; char buf[20]; } var;
+# With -D_FORTIFY_SOURCE=1,
+# strcpy (&var.t.buf[1], "abcdefg");
+# is not considered an overflow (object is whole VAR), while with -D_FORTIFY_SOURCE=2
+# strcpy (&var.t.buf[1], "abcdefg");
+# will be considered a buffer overflow.
### CFLAGS="${CFLAGS} -march=native"
# -march=cpu-type
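Review bot: `-D_FORTIFY_SOURCE=2` on the new `CFLAGS` line only has an effect when the same compile runs at `-O1` or higher, and nothing on or next to that line guarantees it. The context comment above says `-O2` is set "now", but that assignment lies outside this hunk, so a later edit to it would silently switch the fortify checks off. I would tie the two together with a comment directly on the line, e.g. `# needs the -O2 set above; without optimization _FORTIFY_SOURCE is a no-op`. Since it is a preprocessor define and this commit introduces `CPPFLAGS`, it would also read more conventionally as `CPPFLAGS="${CPPFLAGS} -D_FORTIFY_SOURCE=2"`.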
LDFLAGS="${LDFLAGS} -Wl,--nxcompat"
# https://en.wikipedia.org/wiki/Data_Execution_Prevention
# Enable DEP with -Wl,--nxcompat
+# also called NX or nxcompat for "no execute" see: https://en.wikipedia.org/wiki/NX_bit
+# $ peflags -v privoxy.exe
+# privoxy.exe: coff(0x0106[+executable_image,+line_nums_stripped,+32bit_machine]) pe(0x0140[+dynamicbase,+nxcompat])
LDFLAGS="${LDFLAGS} -Wl,--dynamicbase,--export-all-symbols"
# https://en.wikipedia.org/wiki/Address_space_layout_randomization
# As a workaround, you can pass -Wl,--dynamicbase,--export-all-symbols
# NOTE: you can't have both this and profiling (cflags='-pg') enabled!
-#CFLAGS="${CFLAGS} -pg"
-#LDFLAGS="${LDFLAGS} -pg"
-# Generate extra code to write profile information suitable for the analysis program gprof.
-# Use this option when compiling the source files you want data about, and you must also use it when linking.
-# -- creates a "gmon.out" profile file when the program exits
-# -- then do 'gprof -b privoxy.exe gmon.out'
-# ??? WHY ??? profiling doesn't work if ASLR is enabled
-
-
-### CFLAGS="${CFLAGS} -Wall"
+CFLAGS="${CFLAGS} -Wall"
# see: http://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
# -Wall doesn't actually turn on all warnings, so add -Wextra
# but then plenty too many complaints by
# -Wmissing-field-initializers
# -Wsign-compare
# -Wtype-limits
-### CFLAGS="${CFLAGS} -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits"
+# -Wunused-but-set-parameter
+# -Wunused-but-set-variable
+CFLAGS="${CFLAGS} -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits"
+CFLAGS="${CFLAGS} -Wno-unused-parameter -Wno-unused-but-set-variable"
-# CFLAGS="${CFLAGS} -Wconversion"
+#-no-# CFLAGS="${CFLAGS} -Wconversion"
# way too many warnings for things that don't look like a problem
-### CFLAGS="${CFLAGS} -Wformat-security"
-# If -Wformat is specified, also warn about uses of format functions that represent possible security problems.
+CFLAGS="${CFLAGS} -Wno-deprecated-declarations"
+# way too many warnings in openssl.c about RSA deprecated-declarations
+
+#-no-# CFLAGS="${CFLAGS} -Werror"
+# Turn all warnings into errors.
+# Privoxy still has a few warnings that are not a problem
-### CFLAGS="${CFLAGS} -Wlogical-op"
+CFLAGS="${CFLAGS} -Wformat=2"
+# -Wformat is enabled by -Wall.
+# -Wformat=2 is equivalent to -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k
+# -Wformat-security : also warn about uses of format functions that represent possible security problems.
+
+CFLAGS="${CFLAGS} -Wlogical-op"
# Warn about suspicious uses of logical operators in expressions.
CFLAGS="${CFLAGS} -Wshadow"
# Warn whenever a local variable or type declaration shadows
# another variable or whenever a built-in function is shadowed.
-# CFLAGS="${CFLAGS} -Wwrite-strings"
+#-no-# CFLAGS="${CFLAGS} -Wwrite-strings"
# These warnings help you find at compile time code that can try to write
# into a string constant, but only if you have been very careful about
# using const in declarations and prototypes.
# >>> Otherwise, it is just a nuisance. <<< -- this, very much this
+# why does the mingw library _not_ include .a files for libpcre?
+# *sigh* build my own pcre so I can do static linking
+# Get the 8.x PCRE library from
+# https://sourceforge.net/projects/pcre/files/pcre/
+# Get the 10.x PCRE2 library from
+# https://github.com/PCRE2Project/pcre2/releases
+#
+#
+usepcre2=yes
+#
+#
+if [ "$usepcre2" = "yes" ]; then
+ PCREOPT=""
+ inc="/source/pcre2-10.42/src/"
+ # need pcre2.h
+ lib="/source/pcre2-10.42/.libs"
+ # need libpcre2-8.a & libpcre2-posix.a
+else
+ PCREOPT="--disable-pcre2"
+ inc="/source/pcre-8.45/"
+ lib="/source/pcre-8.45/.libs"
+fi
+CPPFLAGS="${CPPFLAGS} -I${inc}"
+LDFLAGS="${LDFLAGS} -L${lib}"
+
+# mbedtls
+## https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.16.12
+## This is the last release of the 2.16 long-time support branch.
+## Users who want a long-time branch should move to mbedtls-2.28,
+## which is backward-compatible and will be supported for at least
+## 3 years.
+# Get the 2.28.x mbedtls library from https://github.com/Mbed-TLS/mbedtls/tags
+# Release Notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4
+
+##MITMOPT="--with-mbedtls"
+##inc="/source/mbedtls-2.28.4/include"
+##lib="/source/mbedtls-2.28.4/library"
+##CPPFLAGS="${CPPFLAGS} -I${inc}"
+##LDFLAGS="${LDFLAGS} -L${lib}"
+
+MITMOPT="--with-openssl"
+
+# brotli
+# Get the brotli library from https://github.com/google/brotli/releases
+inc="/source/brotli-1.0.9/c/include"
+lib="/source/brotli-1.0.9/.libs"
+BROTLIOPT="--with-brotli"
+CPPFLAGS="${CPPFLAGS} -I${inc}"
+LDFLAGS="${LDFLAGS} -L${lib}"
+
+###
echo "CFLAGS=${CFLAGS}"
+echo "CPPFLAGS=${CPPFLAGS}"
echo "LDFLAGS=${LDFLAGS}"
# ./configure cross-compilation options:
# --target: only used to build a cross-compiling toolchain.
./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \
+ --enable-extended-statistics \
+ ${PCREOPT} \
+ --enable-pcre-host-patterns \
--enable-static-linking \
--enable-strptime-sanity-checks \
- --disable-pthread --disable-dynamic-pcre \
+ --disable-pthread \
+ --with-brotli \
+ ${MITMOPT} \
--with-docbook=yes
# -- done --
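Review bot: `MITMOPT="--with-openssl"` is the only library switch added here without an `-I`/`-L` pair, so nothing in the script records which OpenSSL gets linked. The pcre2 and brotli blocks, and the commented-out mbedtls block, all pin a versioned `/source/...` path. Because `--enable-static-linking` bakes that TLS library into privoxy.exe, I would add a comment next to the assignment such as `# openssl: headers/libs presumably come from the mingw sys-root; record the version used for each release build`. Separately, `BROTLIOPT` is assigned but never used, because the configure call hard-codes `--with-brotli`. Passing `${BROTLIOPT} \` there would match how `${PCREOPT}` and `${MITMOPT}` are handled.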