From 852472a54b8a0dc3e53786b313baaa86850a4273 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 22 Jan 2014 16:31:18 +1100 Subject: [PATCH] - (djm) [configure.ac] Unless specifically requested, only attempt to build Position Independent Executables on gcc >= 4.x; ok dtucker --- ChangeLog | 2 ++ configure.ac | 37 ++++++++++++++++++++++++++++--------- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 479221afb..bbe112e68 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a platform that is expected to use the reuse-argv style setproctitle hack surprises us by providing a setproctitle in libc; ok dtucker + - (djm) [configure.ac] Unless specifically requested, only attempt + to build Position Independent Executables on gcc >= 4.x; ok dtucker 20140121 - (dtucker) [configure.ac] Make PIE a configure-time option which defaults diff --git a/configure.ac b/configure.ac index e5bb68409..b738f4e60 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.556 2014/01/21 01:48:52 dtucker Exp $ +# $Id: configure.ac,v 1.557 2014/01/22 05:31:18 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.556 $) +AC_REVISION($Revision: 1.557 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -555,7 +555,7 @@ case "$host" in AC_DEFINE([BROKEN_SETREGID]) ;; *-*-darwin*) - use_pie=1 + use_pie=auto AC_MSG_CHECKING([if we have working getaddrinfo]) AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) @@ -694,7 +694,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) ;; *-*-linux*) no_dev_ptmx=1 - use_pie=1 + use_pie=auto check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 AC_DEFINE([PAM_TTY_KLUDGE], [1], @@ -791,7 +791,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) ;; *-*-openbsd*) - use_pie=1 + use_pie=auto AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) @@ -1566,15 +1566,34 @@ AC_ARG_WITH([audit], AC_ARG_WITH([pie], [ --with-pie Build Position Independent Executables if possible], [ if test "x$withval" = "xno"; then - use_pie=0 + use_pie=no fi if test "x$withval" = "xyes"; then - use_pie=1 + use_pie=yes fi ] ) - -if test "x$use_toolchain_hardening" = "x1" && test "x$use_pie" = "x1"; then +if test "x$use_pie" = "x"; then + use_pie=no +fi +if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then + # Turn off automatic PIE when toolchain hardening is off. + use_pie=no +fi +if test "x$use_pie" == "xauto"; then + # Automatic PIE requires gcc >= 4.x + AC_MSG_CHECKING([for gcc >= 4.x]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ +#if !defined(__GNUC__) || __GNUC__ < 4 +#error gcc is too old +#endif +]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + use_pie=no ] +) +fi +if test "x$use_pie" != "xno"; then OSSH_CHECK_CFLAG_COMPILE([-fPIE]) OSSH_CHECK_LDFLAG_LINK([-pie]) fi