From 6abf3afc4d23b03f2a004555c17f6e65d9cb2e04 Mon Sep 17 00:00:00 2001
From: Hanefi Onaldi <Hanefi.Onaldi@microsoft.com>
Date: Wed, 3 Mar 2021 01:34:10 +0300
Subject: [PATCH] Remove some flags that are not supported in recent clang

---
 configure    | 5 +++--
 configure.in | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/configure b/configure
index b8ac4c9bc..8a50fe1ab 100755
--- a/configure
+++ b/configure
@@ -4772,8 +4772,9 @@ $as_echo "$as_me: Blindly added security flags for linker: $SECURITY_CFLAGS" >&6
 
 # We always want to have some clang flags for security concerns.
 # This doesn't include "-Wl,-z,relro -Wl,-z,now" on purpuse, because bitcode is not linked.
-# -fvisibility=hidden is added because otherwise -fsanitize=cfi doesn't work.
-SECURITY_BITCODE_CFLAGS="-fsanitize=safe-stack -fstack-protector-strong -flto -fsanitize=cfi -fvisibility=hidden -fPIC -Wformat -Wformat-security -Werror=format-security"
+# This doesn't include -fsanitize=cfi because it breaks builds on many distros including
+# Debian/Buster, Debian/Stretch, Ubuntu/Bionic, Ubuntu/Xenial and EL7.
+SECURITY_BITCODE_CFLAGS="-fsanitize=safe-stack -fstack-protector-strong -flto -fPIC -Wformat -Wformat-security -Werror=format-security"
 CITUS_BITCODE_CFLAGS="$CITUS_BITCODE_CFLAGS $SECURITY_BITCODE_CFLAGS"
 { $as_echo "$as_me:${as_lineno-$LINENO}: Blindly added security flags for llvm: $SECURITY_BITCODE_CFLAGS" >&5
 $as_echo "$as_me: Blindly added security flags for llvm: $SECURITY_BITCODE_CFLAGS" >&6;}
diff --git a/configure.in b/configure.in
index 874cb4b7e..d23945044 100644
--- a/configure.in
+++ b/configure.in
@@ -280,8 +280,9 @@ AC_MSG_NOTICE([Blindly added security flags for linker: $SECURITY_CFLAGS])
 
 # We always want to have some clang flags for security concerns.
 # This doesn't include "-Wl,-z,relro -Wl,-z,now" on purpuse, because bitcode is not linked.
-# -fvisibility=hidden is added because otherwise -fsanitize=cfi doesn't work.
-SECURITY_BITCODE_CFLAGS="-fsanitize=safe-stack -fstack-protector-strong -flto -fsanitize=cfi -fvisibility=hidden -fPIC -Wformat -Wformat-security -Werror=format-security"
+# This doesn't include -fsanitize=cfi because it breaks builds on many distros including
+# Debian/Buster, Debian/Stretch, Ubuntu/Bionic, Ubuntu/Xenial and EL7.
+SECURITY_BITCODE_CFLAGS="-fsanitize=safe-stack -fstack-protector-strong -flto -fPIC -Wformat -Wformat-security -Werror=format-security"
 CITUS_BITCODE_CFLAGS="$CITUS_BITCODE_CFLAGS $SECURITY_BITCODE_CFLAGS"
 AC_MSG_NOTICE([Blindly added security flags for llvm: $SECURITY_BITCODE_CFLAGS])