# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
-# Version 27
+# Version 28
+# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added.
# 2015-03-17 AHX_CONFIG_REALLOCARRAY added
# 2013-09-19 FLTO help text improved.
# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes
# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters.
# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED.
# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family
+# ACX_CHECK_PIE - add --enable-pie option and check if works
+# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it
#
dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines.
#endif
]) ])
+dnl Check if CC and linker support -fPIE and -pie.
+dnl If so, sets them in CFLAGS / LDFLAGS.
+AC_DEFUN([ACX_CHECK_PIE], [
+ AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)]))
+ AS_IF([test "x$enable_pie" = "xyes"], [
+ AC_MSG_CHECKING([if $CC supports PIE])
+ BAKLDFLAGS="$LDFLAGS"
+ BAKCFLAGS="$CFLAGS"
+ LDFLAGS="$LDFLAGS -pie"
+ CFLAGS="$CFLAGS -fPIE"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
+ if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
+ LDFLAGS="$BAKLDFLAGS"
+ AC_MSG_RESULT(no)
+ else
+ AC_MSG_RESULT(yes)
+ fi
+ rm -f conftest conftest.c conftest.o
+ ], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)])
+ ])
+])
+
+dnl Check if linker supports -Wl,-z,relro,-z,now.
+dnl If so, adds it to LDFLAGS.
+AC_DEFUN([ACX_CHECK_RELRO_NOW], [
+ AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)]))
+ AS_IF([test "x$enable_relro_now" = "xyes"], [
+ AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now])
+ BAKLDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
+ if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
+ LDFLAGS="$BAKLDFLAGS"
+ AC_MSG_RESULT(no)
+ else
+ AC_MSG_RESULT(yes)
+ fi
+ rm -f conftest conftest.c conftest.o
+ ], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)])
+ ])
+])
+
dnl End of file
enable_checking
enable_debug
enable_flto
+enable_pie
+enable_relro_now
enable_shared
enable_static
with_pic
--enable-checking Enable warnings, asserts, makefile-dependencies
--enable-debug same as enable-checking
--disable-flto Disable link-time optimization (gcc specific option)
+ --enable-pie Enable Position-Independent Executable (eg. to fully
+ benefit from ASLR, small performance penalty)
+ --enable-relro-now Enable full relocation binding at load-time (RELRO
+ NOW, to protect GOT and .dtor areas)
--enable-shared[=PKGS] build shared libraries [default=yes]
--enable-static[=PKGS] build static libraries [default=yes]
--enable-fast-install[=PKGS]
fi
+ # Check whether --enable-pie was given.
+if test "${enable_pie+set}" = set; then :
+ enableval=$enable_pie;
+fi
+
+ if test "x$enable_pie" = "xyes"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports PIE" >&5
+$as_echo_n "checking if $CC supports PIE... " >&6; }
+ BAKLDFLAGS="$LDFLAGS"
+ BAKCFLAGS="$CFLAGS"
+ LDFLAGS="$LDFLAGS -pie"
+ CFLAGS="$CFLAGS -fPIE"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
+ LDFLAGS="$BAKLDFLAGS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ rm -f conftest conftest.c conftest.o
+
+else
+ LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+
+
+ # Check whether --enable-relro_now was given.
+if test "${enable_relro_now+set}" = set; then :
+ enableval=$enable_relro_now;
+fi
+
+ if test "x$enable_relro_now" = "xyes"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wl,-z,relro,-z,now" >&5
+$as_echo_n "checking if $CC supports -Wl,-z,relro,-z,now... " >&6; }
+ BAKLDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
+ LDFLAGS="$BAKLDFLAGS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ rm -f conftest conftest.c conftest.o
+
+else
+ LDFLAGS="$BAKLDFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
$as_echo_n "checking for inline... " >&6; }
if ${ac_cv_c_inline+:} false; then :
;;
esac
ACX_CHECK_FLTO
+ACX_CHECK_PIE
+ACX_CHECK_RELRO_NOW
AC_C_INLINE
ACX_CHECK_FORMAT_ATTRIBUTE
28 August 2015: Wouter
- Fix #697: Get PY_MAJOR_VERSION failure at configure for python
2.4 to 2.6.
+ - Feature #699: --enable-pie option to that builds PIE binary.
+ - Feature #700: --enable-relro-now option that enables full read-only
+ relocation.
24 August 2015: Wouter
- Fix deadlock for local data add and zone add when unbound-control
projects / thirdparty / unbound.git / commitdiff
