- (dtucker) [configure.ac] Make PIE a configure-time option which defaults

to on platforms where it's known to be reliably detected and off elsewhere.
   Works around platforms such as FreeBSD 9.1 where it does not interop with
   -ftrapv (it seems to work but fails when trying to link ssh).  ok djm@
This commit is contained in:
Darren Tucker 2014-01-21 12:48:51 +11:00
parent f9df7f6f47
commit 096118dc73
2 changed files with 27 additions and 4 deletions

View File

@ -1,3 +1,9 @@
20140121
- (dtucker) [configure.ac] Make PIE a configure-time option which defaults
to on platforms where it's known to be reliably detected and off elsewhere.
Works around platforms such as FreeBSD 9.1 where it does not interop with
-ftrapv (it seems to work but fails when trying to link ssh). ok djm@
20140120 20140120
- (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
implementation does not have krb5_cc_new_unique, similar to what we do implementation does not have krb5_cc_new_unique, similar to what we do

View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.555 2014/01/18 10:12:43 dtucker Exp $ # $Id: configure.ac,v 1.556 2014/01/21 01:48:52 dtucker Exp $
# #
# Copyright (c) 1999-2004 Damien Miller # Copyright (c) 1999-2004 Damien Miller
# #
@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
AC_REVISION($Revision: 1.555 $) AC_REVISION($Revision: 1.556 $)
AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C]) AC_LANG([C])
@ -165,8 +165,6 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
if test "x$use_toolchain_hardening" = "x1"; then if test "x$use_toolchain_hardening" = "x1"; then
OSSH_CHECK_CFLAG_COMPILE([-ftrapv]) OSSH_CHECK_CFLAG_COMPILE([-ftrapv])
OSSH_CHECK_CFLAG_COMPILE([-fPIE])
OSSH_CHECK_LDFLAG_LINK([-pie])
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
@ -557,6 +555,7 @@ case "$host" in
AC_DEFINE([BROKEN_SETREGID]) AC_DEFINE([BROKEN_SETREGID])
;; ;;
*-*-darwin*) *-*-darwin*)
use_pie=1
AC_MSG_CHECKING([if we have working getaddrinfo]) AC_MSG_CHECKING([if we have working getaddrinfo])
AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@ -695,6 +694,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
;; ;;
*-*-linux*) *-*-linux*)
no_dev_ptmx=1 no_dev_ptmx=1
use_pie=1
check_for_libcrypt_later=1 check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1 check_for_openpty_ctty_bug=1
AC_DEFINE([PAM_TTY_KLUDGE], [1], AC_DEFINE([PAM_TTY_KLUDGE], [1],
@ -791,6 +791,7 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
;; ;;
*-*-openbsd*) *-*-openbsd*)
use_pie=1
AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
@ -1562,6 +1563,22 @@ AC_ARG_WITH([audit],
esac ] esac ]
) )
AC_ARG_WITH([pie],
[ --with-pie Build Position Independent Executables if possible], [
if test "x$withval" = "xno"; then
use_pie=0
fi
if test "x$withval" = "xyes"; then
use_pie=1
fi
]
)
if test "x$use_toolchain_hardening" = "x1" && test "x$use_pie" = "x1"; then
OSSH_CHECK_CFLAG_COMPILE([-fPIE])
OSSH_CHECK_LDFLAG_LINK([-pie])
fi
dnl Checks for library functions. Please keep in alphabetical order dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS([ \ AC_CHECK_FUNCS([ \
Blowfish_initstate \ Blowfish_initstate \