mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- Feature #699: --enable-pie option to that builds PIE binary.
- Feature #700: --enable-relro-now option that enables full read-only relocation. git-svn-id: file:///svn/unbound/trunk@3483 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
5dd7c7bb4b
commit
62146024c3
4 changed files with 147 additions and 1 deletions
|
|
@ -2,7 +2,8 @@
|
|||
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
|
||||
# BSD licensed.
|
||||
#
|
||||
# Version 27
|
||||
# Version 28
|
||||
# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added.
|
||||
# 2015-03-17 AHX_CONFIG_REALLOCARRAY added
|
||||
# 2013-09-19 FLTO help text improved.
|
||||
# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes
|
||||
|
|
@ -94,6 +95,8 @@
|
|||
# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters.
|
||||
# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED.
|
||||
# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family
|
||||
# ACX_CHECK_PIE - add --enable-pie option and check if works
|
||||
# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it
|
||||
#
|
||||
|
||||
dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines.
|
||||
|
|
@ -1386,4 +1389,46 @@ AC_DEFUN([ACX_CHECK_SS_FAMILY],
|
|||
#endif
|
||||
]) ])
|
||||
|
||||
dnl Check if CC and linker support -fPIE and -pie.
|
||||
dnl If so, sets them in CFLAGS / LDFLAGS.
|
||||
AC_DEFUN([ACX_CHECK_PIE], [
|
||||
AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)]))
|
||||
AS_IF([test "x$enable_pie" = "xyes"], [
|
||||
AC_MSG_CHECKING([if $CC supports PIE])
|
||||
BAKLDFLAGS="$LDFLAGS"
|
||||
BAKCFLAGS="$CFLAGS"
|
||||
LDFLAGS="$LDFLAGS -pie"
|
||||
CFLAGS="$CFLAGS -fPIE"
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
|
||||
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
|
||||
LDFLAGS="$BAKLDFLAGS"
|
||||
AC_MSG_RESULT(no)
|
||||
else
|
||||
AC_MSG_RESULT(yes)
|
||||
fi
|
||||
rm -f conftest conftest.c conftest.o
|
||||
], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)])
|
||||
])
|
||||
])
|
||||
|
||||
dnl Check if linker supports -Wl,-z,relro,-z,now.
|
||||
dnl If so, adds it to LDFLAGS.
|
||||
AC_DEFUN([ACX_CHECK_RELRO_NOW], [
|
||||
AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)]))
|
||||
AS_IF([test "x$enable_relro_now" = "xyes"], [
|
||||
AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now])
|
||||
BAKLDFLAGS="$LDFLAGS"
|
||||
LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
|
||||
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
|
||||
LDFLAGS="$BAKLDFLAGS"
|
||||
AC_MSG_RESULT(no)
|
||||
else
|
||||
AC_MSG_RESULT(yes)
|
||||
fi
|
||||
rm -f conftest conftest.c conftest.o
|
||||
], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)])
|
||||
])
|
||||
])
|
||||
|
||||
dnl End of file
|
||||
|
|
|
|||
96
configure
vendored
96
configure
vendored
|
|
@ -804,6 +804,8 @@ with_username
|
|||
enable_checking
|
||||
enable_debug
|
||||
enable_flto
|
||||
enable_pie
|
||||
enable_relro_now
|
||||
enable_shared
|
||||
enable_static
|
||||
with_pic
|
||||
|
|
@ -1465,6 +1467,10 @@ Optional Features:
|
|||
--enable-checking Enable warnings, asserts, makefile-dependencies
|
||||
--enable-debug same as enable-checking
|
||||
--disable-flto Disable link-time optimization (gcc specific option)
|
||||
--enable-pie Enable Position-Independent Executable (eg. to fully
|
||||
benefit from ASLR, small performance penalty)
|
||||
--enable-relro-now Enable full relocation binding at load-time (RELRO
|
||||
NOW, to protect GOT and .dtor areas)
|
||||
--enable-shared[=PKGS] build shared libraries [default=yes]
|
||||
--enable-static[=PKGS] build static libraries [default=yes]
|
||||
--enable-fast-install[=PKGS]
|
||||
|
|
@ -5879,6 +5885,96 @@ rm -f core conftest.err conftest.$ac_objext \
|
|||
fi
|
||||
|
||||
|
||||
# Check whether --enable-pie was given.
|
||||
if test "${enable_pie+set}" = set; then :
|
||||
enableval=$enable_pie;
|
||||
fi
|
||||
|
||||
if test "x$enable_pie" = "xyes"; then :
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports PIE" >&5
|
||||
$as_echo_n "checking if $CC supports PIE... " >&6; }
|
||||
BAKLDFLAGS="$LDFLAGS"
|
||||
BAKCFLAGS="$CFLAGS"
|
||||
LDFLAGS="$LDFLAGS -pie"
|
||||
CFLAGS="$CFLAGS -fPIE"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
|
||||
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
|
||||
LDFLAGS="$BAKLDFLAGS"
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||
$as_echo "no" >&6; }
|
||||
else
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
|
||||
$as_echo "yes" >&6; }
|
||||
fi
|
||||
rm -f conftest conftest.c conftest.o
|
||||
|
||||
else
|
||||
LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||
$as_echo "no" >&6; }
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
|
||||
fi
|
||||
|
||||
|
||||
# Check whether --enable-relro_now was given.
|
||||
if test "${enable_relro_now+set}" = set; then :
|
||||
enableval=$enable_relro_now;
|
||||
fi
|
||||
|
||||
if test "x$enable_relro_now" = "xyes"; then :
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wl,-z,relro,-z,now" >&5
|
||||
$as_echo_n "checking if $CC supports -Wl,-z,relro,-z,now... " >&6; }
|
||||
BAKLDFLAGS="$LDFLAGS"
|
||||
LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
|
||||
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
|
||||
LDFLAGS="$BAKLDFLAGS"
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||
$as_echo "no" >&6; }
|
||||
else
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
|
||||
$as_echo "yes" >&6; }
|
||||
fi
|
||||
rm -f conftest conftest.c conftest.o
|
||||
|
||||
else
|
||||
LDFLAGS="$BAKLDFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||
$as_echo "no" >&6; }
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
|
||||
fi
|
||||
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
|
||||
$as_echo_n "checking for inline... " >&6; }
|
||||
if ${ac_cv_c_inline+:} false; then :
|
||||
|
|
|
|||
|
|
@ -246,6 +246,8 @@ case "$debug_enabled" in
|
|||
;;
|
||||
esac
|
||||
ACX_CHECK_FLTO
|
||||
ACX_CHECK_PIE
|
||||
ACX_CHECK_RELRO_NOW
|
||||
|
||||
AC_C_INLINE
|
||||
ACX_CHECK_FORMAT_ATTRIBUTE
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
28 August 2015: Wouter
|
||||
- Fix #697: Get PY_MAJOR_VERSION failure at configure for python
|
||||
2.4 to 2.6.
|
||||
- Feature #699: --enable-pie option to that builds PIE binary.
|
||||
- Feature #700: --enable-relro-now option that enables full read-only
|
||||
relocation.
|
||||
|
||||
24 August 2015: Wouter
|
||||
- Fix deadlock for local data add and zone add when unbound-control
|
||||
|
|
|
|||
Loading…
Reference in a new issue