summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-01-22 21:30:12 +1100
committerDamien Miller <djm@mindrot.org>2014-01-22 21:30:12 +1100
commit5c2ff5e31f57d303ebb414d84a934c02728fa568 (patch)
treeb1c8a8a1d6eee29847c3de5d7ebe00f79f44db93 /configure.ac
parent852472a54b8a0dc3e53786b313baaa86850a4273 (diff)
- (djm) [configure.ac aclocal.m4] More tests to detect fallout from
platform hardening options: include some long long int arithmatic to detect missing support functions for -ftrapv in libgcc and equivalents, actually test linking when -ftrapv is supplied and set either both -pie/-fPIE or neither. feedback and ok dtucker@
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac23
1 files changed, 20 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index b738f4e60..12d62e294 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.557 2014/01/22 05:31:18 djm Exp $ 1# $Id: configure.ac,v 1.558 2014/01/22 10:30:13 djm Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -15,7 +15,7 @@
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18AC_REVISION($Revision: 1.557 $) 18AC_REVISION($Revision: 1.558 $)
19AC_CONFIG_SRCDIR([ssh.c]) 19AC_CONFIG_SRCDIR([ssh.c])
20AC_LANG([C]) 20AC_LANG([C])
21 21
@@ -164,10 +164,15 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
164 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 164 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
165 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 165 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
166 if test "x$use_toolchain_hardening" = "x1"; then 166 if test "x$use_toolchain_hardening" = "x1"; then
167 OSSH_CHECK_CFLAG_COMPILE([-ftrapv])
168 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 167 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
169 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 168 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 169 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
170 # NB. -ftrapv expects certain support functions to be present in
171 # the compiler library (libgcc or similar) to detect integer operations
172 # that can overflow. We must check that the result of enabling it
173 # actually links. The test program compiled/linked includes a number
174 # of integer operations that should exercise this.
175 OSSH_CHECK_CFLAG_LINK([-ftrapv])
171 fi 176 fi
172 AC_MSG_CHECKING([gcc version]) 177 AC_MSG_CHECKING([gcc version])
173 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
@@ -1594,8 +1599,20 @@ if test "x$use_pie" == "xauto"; then
1594) 1599)
1595fi 1600fi
1596if test "x$use_pie" != "xno"; then 1601if test "x$use_pie" != "xno"; then
1602 SAVED_CFLAGS="$CFLAGS"
1603 SAVED_LDFLAGS="$LDFLAGS"
1597 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1604 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1598 OSSH_CHECK_LDFLAG_LINK([-pie]) 1605 OSSH_CHECK_LDFLAG_LINK([-pie])
1606 # We use both -fPIE and -pie or neither.
1607 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1608 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1609 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1610 AC_MSG_RESULT([yes])
1611 else
1612 AC_MSG_RESULT([no])
1613 CFLAGS="$SAVED_CFLAGS"
1614 LDFLAGS="$SAVED_LDFLAGS"
1615 fi
1599fi 1616fi
1600 1617
1601dnl Checks for library functions. Please keep in alphabetical order 1618dnl Checks for library functions. Please keep in alphabetical order
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 05:17:00 +0000