- Feature #699: --enable-pie option that builds a PIE binary.

- Feature #700: --enable-relro-now option that enables full read-only
  relocation.


git-svn-id: file:///svn/unbound/trunk@3483 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2015-08-28 14:27:03 +00:00
parent 5dd7c7bb4b
commit 62146024c3
4 changed files with 147 additions and 1 deletions


@ -2,7 +2,8 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs. # Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed. # BSD licensed.
# #
# Version 27 # Version 28
# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added.
# 2015-03-17 AHX_CONFIG_REALLOCARRAY added # 2015-03-17 AHX_CONFIG_REALLOCARRAY added
# 2013-09-19 FLTO help text improved. # 2013-09-19 FLTO help text improved.
# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes # 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes
@ -94,6 +95,8 @@
# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters. # ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters.
# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED. # AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED.
# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family # ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family
# ACX_CHECK_PIE - add --enable-pie option and check if works
# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it
# #
dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines. dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines.
@ -1386,4 +1389,46 @@ AC_DEFUN([ACX_CHECK_SS_FAMILY],
#endif #endif
]) ]) ]) ])
dnl Check if CC and linker support -fPIE and -pie.
dnl If so, sets them in CFLAGS / LDFLAGS.
AC_DEFUN([ACX_CHECK_PIE], [
AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)]))
AS_IF([test "x$enable_pie" = "xyes"], [
AC_MSG_CHECKING([if $CC supports PIE])
BAKLDFLAGS="$LDFLAGS"
BAKCFLAGS="$CFLAGS"
LDFLAGS="$LDFLAGS -pie"
CFLAGS="$CFLAGS -fPIE"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
rm -f conftest conftest.c conftest.o
], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)])
])
])
dnl Check if linker supports -Wl,-z,relro,-z,now.
dnl If so, adds it to LDFLAGS.
AC_DEFUN([ACX_CHECK_RELRO_NOW], [
AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)]))
AS_IF([test "x$enable_relro_now" = "xyes"], [
AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now])
BAKLDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
rm -f conftest conftest.c conftest.o
], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)])
])
])
dnl End of file dnl End of file
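Review bot: In ACX_CHECK_PIE the branch taken when the warning grep matches restores only LDFLAGS, so CFLAGS keeps `-fPIE` although the result printed is "no"; the link-failure branch a few lines further down restores both, and the grep branch should do the same with `LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS"`. Both macros grep for a single message, "warning: no debug symbols in executable", so a toolchain that links successfully but only warns that it ignores `-pie` or `-z relro`/`-z now` would presumably still be reported as "yes". A `dnl` comment on each macro saying that a "yes" only means the link succeeded, and that the installed binary should be checked (for example `readelf -h` showing type DYN, `readelf -l` showing GNU_RELRO and `readelf -d` showing BIND_NOW), would help packagers who rely on these options for hardening. The rerun also hard-codes `conftest.c` rather than `conftest.$ac_ext`, which is fine for C but worth a short comment.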

96
configure vendored

@ -804,6 +804,8 @@ with_username
enable_checking enable_checking
enable_debug enable_debug
enable_flto enable_flto
enable_pie
enable_relro_now
enable_shared enable_shared
enable_static enable_static
with_pic with_pic
@ -1465,6 +1467,10 @@ Optional Features:
--enable-checking Enable warnings, asserts, makefile-dependencies --enable-checking Enable warnings, asserts, makefile-dependencies
--enable-debug same as enable-checking --enable-debug same as enable-checking
--disable-flto Disable link-time optimization (gcc specific option) --disable-flto Disable link-time optimization (gcc specific option)
--enable-pie Enable Position-Independent Executable (eg. to fully
benefit from ASLR, small performance penalty)
--enable-relro-now Enable full relocation binding at load-time (RELRO
NOW, to protect GOT and .dtor areas)
--enable-shared[=PKGS] build shared libraries [default=yes] --enable-shared[=PKGS] build shared libraries [default=yes]
--enable-static[=PKGS] build static libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes]
--enable-fast-install[=PKGS] --enable-fast-install[=PKGS]
@ -5879,6 +5885,96 @@ rm -f core conftest.err conftest.$ac_objext \
fi fi
# Check whether --enable-pie was given.
if test "${enable_pie+set}" = set; then :
enableval=$enable_pie;
fi
if test "x$enable_pie" = "xyes"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports PIE" >&5
$as_echo_n "checking if $CC supports PIE... " >&6; }
BAKLDFLAGS="$LDFLAGS"
BAKCFLAGS="$CFLAGS"
LDFLAGS="$LDFLAGS -pie"
CFLAGS="$CFLAGS -fPIE"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
fi
rm -f conftest conftest.c conftest.o
else
LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
# Check whether --enable-relro_now was given.
if test "${enable_relro_now+set}" = set; then :
enableval=$enable_relro_now;
fi
if test "x$enable_relro_now" = "xyes"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wl,-z,relro,-z,now" >&5
$as_echo_n "checking if $CC supports -Wl,-z,relro,-z,now... " >&6; }
BAKLDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
fi
rm -f conftest conftest.c conftest.o
else
LDFLAGS="$BAKLDFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
$as_echo_n "checking for inline... " >&6; } $as_echo_n "checking for inline... " >&6; }
if ${ac_cv_c_inline+:} false; then : if ${ac_cv_c_inline+:} false; then :


@ -246,6 +246,8 @@ case "$debug_enabled" in
;; ;;
esac esac
ACX_CHECK_FLTO ACX_CHECK_FLTO
ACX_CHECK_PIE
ACX_CHECK_RELRO_NOW
AC_C_INLINE AC_C_INLINE
ACX_CHECK_FORMAT_ATTRIBUTE ACX_CHECK_FORMAT_ATTRIBUTE


@ -1,6 +1,9 @@
28 August 2015: Wouter 28 August 2015: Wouter
- Fix #697: Get PY_MAJOR_VERSION failure at configure for python - Fix #697: Get PY_MAJOR_VERSION failure at configure for python
2.4 to 2.6. 2.4 to 2.6.
- Feature #699: --enable-pie option to that builds PIE binary.
- Feature #700: --enable-relro-now option that enables full read-only
relocation.
24 August 2015: Wouter 24 August 2015: Wouter
- Fix deadlock for local data add and zone add when unbound-control - Fix deadlock for local data add and zone add when unbound-control