From 1fdf59a4bcce906f8a947ba6dd17b4766f10f50a Mon Sep 17 00:00:00 2001
From: Sait Talha Nisanci
Date: Tue, 20 Oct 2020 17:48:07 +0300
Subject: [PATCH] Use -fstack-clash-protection if gcc >= 8
---
 citus.spec | 5 +++++
 debian/rules | 12 ++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/citus.spec b/citus.spec
index ad2be6bfb..4cc5ddddd 100644
--- a/citus.spec
+++ b/citus.spec
@@ -45,6 +45,11 @@ if [ "$(printf '%s\n' "$requiredgccver" "$currentgccver" | sort -V | tail -n1)"
 fi
 fi
 
+gccgte8=$(expr `gcc -dumpversion | cut -f1 -d.` \>= 8)
+ifeq "$(gccgte8)" "1"
+ SECURITY_CFLAGS += -fstack-clash-protection
+endif
+
 %build
 %configure PG_CONFIG=%{pginstdir}/bin/pg_config --with-extra-version="%{?conf_extra_version}" CC=$(command -v gcc) CFLAGS="$SECURITY_CFLAGS"
 make %{?_smp_mflags}
diff --git a/debian/rules b/debian/rules
index afb6c8022..b3bf0fb5f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,9 +2,17 @@
 
 include /usr/share/postgresql-common/pgxs_debian_control.mk
 
+# Flags taken from: https://liquid.microsoft.com/Web/Object/Read/ms.security/Requirements/Microsoft.Security.SystemsADM.10203#guide
+SECURITY_CFLAGS=-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -z noexecstack -fpic -Wl,-z,relro -Wl,-z,now -Wformat -Wformat-security -Werror=format-security
+
+GCCVERSIONGTE8=$(shell expr `gcc -dumpversion | cut -f1 -d.` \>= 8)
+ifeq "$(GCCVERSIONGTE8)" "1"
+ # if gcc version is greater than or equal to 8 we should also use this flag
+ SECURITY_CFLAGS += -fstack-clash-protection
+endif
+
 override_dh_auto_build:
- # Flags taken from: https://liquid.microsoft.com/Web/Object/Read/ms.security/Requirements/Microsoft.Security.SystemsADM.10203#guide
- +pg_buildext build build-%v '$(CFLAGS) -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -z noexecstack -fpic -Wl,-z,relro -Wl,-z,now -Wformat -Wformat-security -Werror=format-security'
+ +pg_buildext build build-%v '$(CFLAGS) $(SECURITY_CFLAGS)'
 
 override_dh_auto_clean:
  +pg_buildext clean build-%v
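Review bot: The added `ifeq "$(gccgte8)" "1"` / `SECURITY_CFLAGS += …` / `endif` lines in citus.spec are GNU Make syntax, but the surrounding context (`fi`, `fi`, and the later `CFLAGS="$SECURITY_CFLAGS"`) suggests this part of the spec runs as a shell scriptlet, where `ifeq` is not a command and `$(gccgte8)` is a command substitution rather than a variable reference. If that is the case, `-fstack-clash-protection` is never appended on the RPM build and the scriptlet may abort instead of hardening the binary. A shell form would be `if [ "$(gcc -dumpversion | cut -f1 -d.)" -ge 8 ]; then SECURITY_CFLAGS="$SECURITY_CFLAGS -fstack-clash-protection"; fi`. The section these lines belong to starts outside the hunk, so it is worth confirming that it is the same scriptlet that sets `SECURITY_CFLAGS` and that the value is still in scope when `%configure` runs under `%build`.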
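Review bot: The version probe on the `GCCVERSIONGTE8=` line in debian/rules asks whichever `gcc` is first on PATH, which is not necessarily the compiler `pg_buildext` ends up invoking, and when `gcc` is absent `expr` prints nothing, so the `ifeq` quietly leaves `-fstack-clash-protection` out. A hardening flag that disappears without any trace in the build log is hard to notice afterwards. Consider testing the flag itself and using `:=` so the shell runs only once, e.g. `STACK_CLASH_OK := $(shell $(CC) -fstack-clash-protection -x c -E /dev/null >/dev/null 2>&1 && echo 1)`, and emit a `$(warning …)` in an `else` branch when the flag is skipped. Whether `$(CC)` matches the compiler PGXS selects is not visible in this hunk and should be checked before adopting that form.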