rpms/gcc
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add --enable-host-pie, build the compilers as PIE

Browse Source 
Resolves: #2044917
This commit is contained in:
Marek Polacek 2022-02-09 15:10:23 -05:00
parent d421f7317a
commit 8e18ddafa7
2 changed files with 892 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
gcc.spec
View File

@ -272,6 +272,7 @@ Patch19: gcc11-dg-ice-fixes.patch
Patch20: gcc11-relocatable-pch.patch
Patch21: gcc11-dejagnu-multiline.patch
Patch22: gcc11-libsanitizer-pthread.patch
Patch23: gcc11-pie.patch
Patch100: gcc11-fortran-fdec-duplicates.patch
Patch101: gcc11-fortran-flogical-as-integer.patch
@ -822,6 +823,7 @@ so that there cannot be any synchronization problems.
%patch20 -p1 -b .pch~
%patch21 -p1 -b .dejagnu-multiline~
%patch22 -p1 -b .libsanitizer-pthread~
%patch23 -p1 -b .pie~
%if 0%{?rhel} >= 9
%patch100 -p1 -b .fortran-fdec-duplicates~
@ -909,7 +911,7 @@ cd nvptx-tools-%{nvptx_tools_gitrev}
rm -rf obj-%{gcc_target_platform}
mkdir obj-%{gcc_target_platform}
cd obj-%{gcc_target_platform}
CC="$CC" CXX="$CXX" CFLAGS="%{optflags}" CXXFLAGS="%{optflags}" \
CC="$CC" CXX="$CXX" CFLAGS="%{optflags} -fPIE" CXXFLAGS="%{optflags} -fPIE" LDFLAGS="-pie" \
../configure --prefix=%{_prefix}
make %{?_smp_mflags}
make install prefix=${IROOT}%{_prefix}
@ -931,7 +933,7 @@ CC="$CC" CXX="$CXX" CFLAGS="$OPT_FLAGS" \
--prefix=%{_prefix} --mandir=%{_mandir} --infodir=%{_infodir} \
--with-bugurl=http://bugzilla.redhat.com/bugzilla \
--enable-checking=release --with-system-zlib \
--with-gcc-major-version-only --without-isl
--with-gcc-major-version-only --without-isl --enable-host-pie
make %{?_smp_mflags}
cd ..
rm -f newlib
@ -1128,7 +1130,7 @@ CC="$CC" CXX="$CXX" CFLAGS="$OPT_FLAGS" \
CXXFLAGS="`echo " $OPT_FLAGS " | sed 's/ -Wall / /g;s/ -fexceptions / /g' \
| sed 's/ -Wformat-security / -Wformat -Wformat-security /'`" \
XCFLAGS="$OPT_FLAGS" TCFLAGS="$OPT_FLAGS" \
../configure --enable-bootstrap \
../configure --enable-bootstrap --enable-host-pie \
--enable-languages=c,c++,fortran${enablelobjc}${enablelada}${enablelgo}${enableld},lto \
$CONFIGURE_OPTS
@ -3269,6 +3271,7 @@ end
%changelog
* Tue Feb 8 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.3
- use _thread_db_sizeof_pthread to obtain struct pthread size (#2034494)
- add --enable-host-pie, build the compilers as PIE (#2044917)
* Mon Feb 7 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.2
- add support for relocation of the PCH data (pch/71934, #2044917)

886
gcc11-pie.patch Normal file
View File

@ -0,0 +1,886 @@
From 088d8e322811394203220663c3b9c925980d57a2 Mon Sep 17 00:00:00 2001
From: Marek Polacek <polacek@redhat.com>
Date: Tue, 1 Feb 2022 18:27:16 -0500
Subject: [PATCH] configure: Implement --enable-host-pie
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE. This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.
It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.
Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.
I plan to add an option to link with -Wl,-z,now.
c++tools/ChangeLog:
* Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it.
Use pic/libiberty.a if PICFLAG is set.
* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
(--enable-host-pie): New check.
* configure: Regenerate.
gcc/ChangeLog:
* Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie.
Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to
ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-pie.
libcody/ChangeLog:
* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
libcpp/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libdecnumber/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
zlib/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
---
c++tools/Makefile.in | 11 ++++++---
c++tools/configure | 17 +++++++++++---
c++tools/configure.ac | 11 +++++++--
gcc/Makefile.in | 29 ++++++++++++++----------
gcc/configure | 47 +++++++++++++++++++++++++++------------
gcc/configure.ac | 36 +++++++++++++++++++++---------
gcc/d/Make-lang.in | 2 +-
gcc/doc/install.texi | 16 +++++++++++--
libcody/Makefile.in | 2 +-
libcody/configure | 30 ++++++++++++++++++++++++-
libcody/configure.ac | 26 ++++++++++++++++++++--
libcpp/configure | 22 +++++++++++++++++-
libcpp/configure.ac | 19 ++++++++++++++--
libdecnumber/configure | 22 +++++++++++++++++-
libdecnumber/configure.ac | 19 ++++++++++++++--
zlib/configure | 30 ++++++++++++++++++++-----
zlib/configure.ac | 21 ++++++++++++++---
17 files changed, 295 insertions(+), 65 deletions(-)
diff --git a/c++tools/Makefile.in b/c++tools/Makefile.in
index d6a33613732..4d5a5b0522b 100644
--- a/c++tools/Makefile.in
+++ b/c++tools/Makefile.in
@@ -28,8 +28,9 @@ AUTOCONF := @AUTOCONF@
AUTOHEADER := @AUTOHEADER@
CXX := @CXX@
CXXFLAGS := @CXXFLAGS@
-PIEFLAG := @PIEFLAG@
-CXXOPTS := $(CXXFLAGS) $(PIEFLAG) -fno-exceptions -fno-rtti
+PICFLAG := @PICFLAG@
+LD_PICFLAG := @LD_PICFLAG@
+CXXOPTS := $(CXXFLAGS) $(PICFLAG) -fno-exceptions -fno-rtti
LDFLAGS := @LDFLAGS@
exeext := @EXEEXT@
LIBIBERTY := ../libiberty/libiberty.a
@@ -87,11 +88,15 @@ ifeq (@CXX_AUX_TOOLS@,yes)
all::g++-mapper-server$(exeext)
+ifneq ($(PICFLAG),)
+override LIBIBERTY := ../libiberty/pic/libiberty.a
+endif
+
MAPPER.O := server.o resolver.o
CODYLIB = ../libcody/libcody.a
CXXINC += -I$(srcdir)/../libcody -I$(srcdir)/../include -I$(srcdir)/../gcc -I.
g++-mapper-server$(exeext): $(MAPPER.O) $(CODYLIB)
- +$(CXX) $(LDFLAGS) $(PIEFLAG) -o $@ $^ $(VERSION.O) $(LIBIBERTY) $(NETLIBS)
+ +$(CXX) $(LDFLAGS) $(PICFLAG) $(LD_PICFLAG) -o $@ $^ $(VERSION.O) $(LIBIBERTY) $(NETLIBS)
# copy to gcc dir so tests there can run
all::../gcc/g++-mapper-server$(exeext)
diff --git a/c++tools/configure b/c++tools/configure
index 742816e4253..88087009383 100755
--- a/c++tools/configure
+++ b/c++tools/configure
@@ -630,7 +630,8 @@ CPP
ac_ct_CC
CFLAGS
CC
-PIEFLAG
+LD_PICFLAG
+PICFLAG
MAINTAINER
CXX_AUX_TOOLS
AUTOHEADER
@@ -702,6 +703,7 @@ enable_option_checking
enable_c___tools
enable_maintainer_mode
enable_default_pie
+enable_host_pie
with_gcc_major_version_only
'
ac_precious_vars='build_alias
@@ -1333,6 +1335,7 @@ Optional Features:
enable maintainer mode. Add rules to rebuild
configurey bits
--enable-default-pie enable Position Independent Executable as default
+ --enable-host-pie build host code as PIE
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -2992,12 +2995,20 @@ test "$maintainer_mode" = yes && MAINTAI
# Check whether --enable-default-pie was given.
# Check whether --enable-default-pie was given.
if test "${enable_default_pie+set}" = set; then :
- enableval=$enable_default_pie; PIEFLAG=-fPIE
+ enableval=$enable_default_pie; PICFLAG=-fPIE
else
- PIEFLAG=
+ PICFLAG=
fi
+# Enable --enable-host-pie
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+ enableval=$enable_host_pie; PICFLAG=-fPIE; LD_PICFLAG=-pie
+fi
+
+
+
# Check if O_CLOEXEC is defined by fcntl
ac_ext=c
diff --git a/c++tools/configure.ac b/c++tools/configure.ac
index 6662b5ad7c9..1e42689f2eb 100644
--- a/c++tools/configure.ac
+++ b/c++tools/configure.ac
@@ -102,8 +102,15 @@ fi
AC_ARG_ENABLE(default-pie,
[AS_HELP_STRING([--enable-default-pie],
[enable Position Independent Executable as default])],
-[PIEFLAG=-fPIE], [PIEFLAG=])
-AC_SUBST([PIEFLAG])
+[PICFLAG=-fPIE], [PICFLAG=])
+
+# Enable --enable-host-pie
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])],
+[PICFLAG=-fPIE; LD_PICFLAG=-pie], [])
+AC_SUBST(PICFLAG)
+AC_SUBST(LD_PICFLAG)
# Check if O_CLOEXEC is defined by fcntl
AC_CACHE_CHECK(for O_CLOEXEC, ac_cv_o_cloexec, [
diff --git a/gcc/Makefile.in b/gcc/Makefile.in
index 31ff95500c9..151dbfa54ec 100644
--- a/gcc/Makefile.in
+++ b/gcc/Makefile.in
@@ -155,6 +155,9 @@ LDFLAGS = @LDFLAGS@
# Should we build position-independent host code?
PICFLAG = @PICFLAG@
+# The linker flag for the above.
+LD_PICFLAG = @LD_PICFLAG@
+
# Flags to determine code coverage. When coverage is disabled, this will
# contain the optimization flags, as you normally want code coverage
# without optimization.
@@ -263,18 +266,17 @@ LINKER = $(CC)
LINKER_FLAGS = $(CFLAGS)
endif
+enable_host_pie = @enable_host_pie@
+
# Enable Intel CET on Intel CET enabled host if needed.
CET_HOST_FLAGS = @CET_HOST_FLAGS@
COMPILER += $(CET_HOST_FLAGS)
-NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
-NO_PIE_FLAG = @NO_PIE_FLAG@
-
-# We don't want to compile the compilers with -fPIE, it make PCH fail.
-COMPILER += $(NO_PIE_CFLAGS)
+# Maybe compile the compilers with -fPIE or -fPIC.
+COMPILER += $(PICFLAG)
-# Link with -no-pie since we compile the compiler with -fno-PIE.
-LINKER += $(NO_PIE_FLAG)
+# Link with -pie, or -no-pie, depending on the above.
+LINKER += $(LD_PICFLAG)
# Like LINKER, but use a mutex for serializing front end links.
ifeq (@DO_LINK_MUTEX@,true)
@@ -1057,18 +1059,21 @@ ALL_CPPFLAGS = $(INCLUDES) $(CPPFLAGS)
ALL_COMPILERFLAGS = $(ALL_CXXFLAGS)
# This is the variable to use when using $(LINKER).
-ALL_LINKERFLAGS = $(ALL_CXXFLAGS)
+ALL_LINKERFLAGS = $(ALL_CXXFLAGS) $(LD_PICFLAG)
# Build and host support libraries.
-# Use the "pic" build of libiberty if --enable-host-shared, unless we are
-# building for mingw.
+# Use the "pic" build of libiberty if --enable-host-shared or --enable-host-pie,
+# unless we are building for mingw.
LIBIBERTY_PICDIR=$(if $(findstring mingw,$(target)),,pic)
-ifeq ($(enable_host_shared),yes)
+ifneq ($(enable_host_shared)$(enable_host_pie),)
LIBIBERTY = ../libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
-BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
else
LIBIBERTY = ../libiberty/libiberty.a
+endif
+ifeq ($(enable_host_shared),yes)
+BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/$(LIBIBERTY_PICDIR)/libiberty.a
+else
BUILD_LIBIBERTY = $(build_libobjdir)/libiberty/libiberty.a
endif
diff --git a/gcc/configure b/gcc/configure
index 258b17a226e..bd4fe1fd6ca 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -632,10 +632,10 @@ ac_includes_default="\
ac_subst_vars='LTLIBOBJS
LIBOBJS
CET_HOST_FLAGS
-NO_PIE_FLAG
-NO_PIE_CFLAGS
-enable_default_pie
+LD_PICFLAG
PICFLAG
+enable_default_pie
+enable_host_pie
enable_host_shared
enable_plugin
pluginlibs
@@ -1025,6 +1025,7 @@ enable_link_serialization
enable_version_specific_runtime_libs
enable_plugin
enable_host_shared
+enable_host_pie
enable_libquadmath_support
with_linker_hash_style
with_diagnostics_color
@@ -1787,6 +1788,7 @@ Optional Features:
in a compiler-specific directory
--enable-plugin enable plugin support
--enable-host-shared build host code as shared libraries
+ --enable-host-pie build host code as PIE
--disable-libquadmath-support
disable libquadmath support for Fortran
--enable-default-pie enable Position Independent Executable as default
@@ -19659,7 +19661,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 19395 "configure"
+#line 19409 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -19765,7 +19767,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 19501 "configure"
+#line 19515 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -32221,13 +32223,17 @@ fi
# Enable --enable-host-shared
# Check whether --enable-host-shared was given.
if test "${enable_host_shared+set}" = set; then :
- enableval=$enable_host_shared; PICFLAG=-fPIC
-else
- PICFLAG=
+ enableval=$enable_host_shared;
fi
+# Enable --enable-host-pie
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+ enableval=$enable_host_pie;
+fi
+
# Check whether --enable-libquadmath-support was given.
@@ -32381,10 +32387,6 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_c_no_fpie" >&5
$as_echo "$gcc_cv_c_no_fpie" >&6; }
-if test "$gcc_cv_c_no_fpie" = "yes"; then
- NO_PIE_CFLAGS="-fno-PIE"
-fi
-
# Check if -no-pie works.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -no-pie option" >&5
@@ -32409,11 +32411,28 @@ rm -f core conftest.err conftest.$ac_objext \
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_no_pie" >&5
$as_echo "$gcc_cv_no_pie" >&6; }
-if test "$gcc_cv_no_pie" = "yes"; then
- NO_PIE_FLAG="-no-pie"
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+elif test x$gcc_cv_c_no_fpie = xyes; then
+ PICFLAG=-fno-PIE
+else
+ PICFLAG=
+fi
+
+if test x$enable_host_pie = xyes; then
+ LD_PICFLAG=-pie
+elif test x$gcc_cv_no_pie = xyes; then
+ LD_PICFLAG=-no-pie
+else
+ LD_PICFLAG=
fi
+
+
# Enable Intel CET on Intel CET enabled host if jit is enabled.
# Check whether --enable-cet was given.
if test "${enable_cet+set}" = set; then :
diff --git a/gcc/configure.ac b/gcc/configure.ac
index 06750cee977..dca995aeec7 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -7488,11 +7488,14 @@ fi
# Enable --enable-host-shared
AC_ARG_ENABLE(host-shared,
[AS_HELP_STRING([--enable-host-shared],
- [build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+ [build host code as shared libraries])])
AC_SUBST(enable_host_shared)
-AC_SUBST(PICFLAG)
+# Enable --enable-host-pie
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
AC_ARG_ENABLE(libquadmath-support,
[AS_HELP_STRING([--disable-libquadmath-support],
@@ -7614,10 +7617,6 @@ AC_CACHE_CHECK([for -fno-PIE option],
[gcc_cv_c_no_fpie=yes],
[gcc_cv_c_no_fpie=no])
CXXFLAGS="$saved_CXXFLAGS"])
-if test "$gcc_cv_c_no_fpie" = "yes"; then
- NO_PIE_CFLAGS="-fno-PIE"
-fi
-AC_SUBST([NO_PIE_CFLAGS])
# Check if -no-pie works.
AC_CACHE_CHECK([for -no-pie option],
@@ -7628,10 +7627,27 @@ AC_CACHE_CHECK([for -no-pie option],
[gcc_cv_no_pie=yes],
[gcc_cv_no_pie=no])
LDFLAGS="$saved_LDFLAGS"])
-if test "$gcc_cv_no_pie" = "yes"; then
- NO_PIE_FLAG="-no-pie"
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+elif test x$gcc_cv_c_no_fpie = xyes; then
+ PICFLAG=-fno-PIE
+else
+ PICFLAG=
fi
-AC_SUBST([NO_PIE_FLAG])
+
+if test x$enable_host_pie = xyes; then
+ LD_PICFLAG=-pie
+elif test x$gcc_cv_no_pie = xyes; then
+ LD_PICFLAG=-no-pie
+else
+ LD_PICFLAG=
+fi
+
+AC_SUBST([PICFLAG])
+AC_SUBST([LD_PICFLAG])
# Enable Intel CET on Intel CET enabled host if jit is enabled.
GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi
index 93eae1f2582..be6985646b2 100644
--- a/gcc/doc/install.texi
+++ b/gcc/doc/install.texi
@@ -1021,14 +1021,26 @@ code.
@item --enable-host-shared
Specify that the @emph{host} code should be built into position-independent
-machine code (with -fPIC), allowing it to be used within shared libraries,
-but yielding a slightly slower compiler.
+machine code (with @option{-fPIC}), allowing it to be used within shared
+libraries, but yielding a slightly slower compiler.
This option is required when building the libgccjit.so library.
Contrast with @option{--enable-shared}, which affects @emph{target}
libraries.
+@item --enable-host-pie
+Specify that the @emph{host} executables should be built into
+position-independent executables (with @option{-fPIE} and @option{-pie}),
+yielding a slightly slower compiler (but faster than
+@option{--enable-host-shared}). Position-independent executables are loaded
+at random addresses each time they are executed, therefore provide additional
+protection against Return Oriented Programming (ROP) attacks.
+
+@option{--enable-host-pie}) may be used with @option{--enable-host-shared}),
+in which case @option{-fPIC} is used when compiling, and @option{-pie} when
+linking.
+
@item @anchor{with-gnu-as}--with-gnu-as
Specify that the compiler should assume that the
assembler it finds is the GNU assembler. However, this does not modify
diff --git a/libcody/Makefile.in b/libcody/Makefile.in
index 7eaf8ace8ce..0ff1625a39f 100644
--- a/libcody/Makefile.in
+++ b/libcody/Makefile.in
@@ -31,7 +31,7 @@ endif
CXXOPTS += $(filter-out -DHAVE_CONFIG_H,@DEFS@) -include config.h
# Linker options
-LDFLAGS := @LDFLAGS@
+LDFLAGS := @LDFLAGS@ @LD_PICFLAG@
LIBS := @LIBS@
# Per-source & per-directory compile flags (warning: recursive)
diff --git a/libcody/configure b/libcody/configure
index da52a5cfca5..0e536c0ccb0 100755
--- a/libcody/configure
+++ b/libcody/configure
@@ -591,7 +591,10 @@ configure_args
AR
RANLIB
EXCEPTIONS
+LD_PICFLAG
PICFLAG
+enable_host_pie
+enable_host_shared
OBJEXT
EXEEXT
ac_ct_CXX
@@ -653,6 +656,7 @@ enable_maintainer_mode
with_compiler
enable_checking
enable_host_shared
+enable_host_pie
enable_exceptions
'
ac_precious_vars='build_alias
@@ -1286,6 +1290,7 @@ Optional Features:
yes,no,all,none,release. Flags are: misc,valgrind or
other strings
--enable-host-shared build host code as shared libraries
+ --enable-host-pie build host code as PIE
--enable-exceptions enable exceptions & rtti
Optional Packages:
@@ -2635,11 +2640,34 @@ fi
# Enable --enable-host-shared.
# Check whether --enable-host-shared was given.
if test "${enable_host_shared+set}" = set; then :
- enableval=$enable_host_shared; PICFLAG=-fPIC
+ enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+ enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
else
PICFLAG=
fi
+if test x$enable_host_pie = xyes; then
+ LD_PICFLAG=-pie
+else
+ LD_PICFLAG=
+fi
+
+
# Check whether --enable-exceptions was given.
diff --git a/libcody/configure.ac b/libcody/configure.ac
index 960191ecb72..14e8dd4a226 100644
--- a/libcody/configure.ac
+++ b/libcody/configure.ac
@@ -63,9 +63,31 @@ fi
# Enable --enable-host-shared.
AC_ARG_ENABLE(host-shared,
[AS_HELP_STRING([--enable-host-shared],
- [build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+ [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+
+if test x$enable_host_pie = xyes; then
+ LD_PICFLAG=-pie
+else
+ LD_PICFLAG=
+fi
+
AC_SUBST(PICFLAG)
+AC_SUBST(LD_PICFLAG)
NMS_ENABLE_EXCEPTIONS
diff --git a/libcpp/configure b/libcpp/configure
index 75145390215..85168273cd1 100755
--- a/libcpp/configure
+++ b/libcpp/configure
@@ -625,6 +625,8 @@ ac_includes_default="\
ac_subst_vars='LTLIBOBJS
CET_HOST_FLAGS
PICFLAG
+enable_host_pie
+enable_host_shared
MAINT
USED_CATALOGS
PACKAGE
@@ -738,6 +740,7 @@ enable_maintainer_mode
enable_checking
enable_canonical_system_headers
enable_host_shared
+enable_host_pie
enable_cet
enable_valgrind_annotations
'
@@ -1379,6 +1382,7 @@ Optional Features:
--enable-canonical-system-headers
enable or disable system headers canonicalization
--enable-host-shared build host code as shared libraries
+ --enable-host-pie build host code as PIE
--enable-cet enable Intel CET in host libraries [default=auto]
--enable-valgrind-annotations
enable valgrind runtime interaction
@@ -7605,7 +7609,23 @@ esac
# Enable --enable-host-shared.
# Check whether --enable-host-shared was given.
if test "${enable_host_shared+set}" = set; then :
- enableval=$enable_host_shared; PICFLAG=-fPIC
+ enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+ enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
else
PICFLAG=
fi
diff --git a/libcpp/configure.ac b/libcpp/configure.ac
index 9b6042518e5..d25bf5f414f 100644
--- a/libcpp/configure.ac
+++ b/libcpp/configure.ac
@@ -211,8 +211,23 @@ esac
# Enable --enable-host-shared.
AC_ARG_ENABLE(host-shared,
[AS_HELP_STRING([--enable-host-shared],
- [build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+ [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+
AC_SUBST(PICFLAG)
# Enable Intel CET on Intel CET enabled host if jit is enabled.
diff --git a/libdecnumber/configure b/libdecnumber/configure
index da5302f9315..d805fdeab5a 100755
--- a/libdecnumber/configure
+++ b/libdecnumber/configure
@@ -626,6 +626,8 @@ ac_subst_vars='LTLIBOBJS
LIBOBJS
CET_HOST_FLAGS
PICFLAG
+enable_host_pie
+enable_host_shared
ADDITIONAL_OBJS
enable_decimal_float
target_os
@@ -706,6 +708,7 @@ enable_werror_always
enable_maintainer_mode
enable_decimal_float
enable_host_shared
+enable_host_pie
enable_cet
'
ac_precious_vars='build_alias
@@ -1338,6 +1341,7 @@ Optional Features:
or 'dpd' choses which decimal floating point format
to use
--enable-host-shared build host code as shared libraries
+ --enable-host-pie build host code as PIE
--enable-cet enable Intel CET in host libraries [default=auto]
Some influential environment variables:
@@ -5185,7 +5189,23 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
# Enable --enable-host-shared.
# Check whether --enable-host-shared was given.
if test "${enable_host_shared+set}" = set; then :
- enableval=$enable_host_shared; PICFLAG=-fPIC
+ enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+ enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
else
PICFLAG=
fi
diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac
index 0794031ec83..14f67f926d1 100644
--- a/libdecnumber/configure.ac
+++ b/libdecnumber/configure.ac
@@ -100,8 +100,23 @@ AC_C_BIGENDIAN
# Enable --enable-host-shared.
AC_ARG_ENABLE(host-shared,
[AS_HELP_STRING([--enable-host-shared],
- [build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+ [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+
AC_SUBST(PICFLAG)
# Enable Intel CET on Intel CET enabled host if jit is enabled.
diff --git a/zlib/configure b/zlib/configure
index f489f31bc70..0dfc1982844 100755
--- a/zlib/configure
+++ b/zlib/configure
@@ -635,6 +635,8 @@ am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
PICFLAG
+enable_host_pie
+enable_host_shared
TARGET_LIBRARY_FALSE
TARGET_LIBRARY_TRUE
toolexeclibdir
@@ -778,6 +780,7 @@ with_gnu_ld
enable_libtool_lock
with_toolexeclibdir
enable_host_shared
+enable_host_pie
'
ac_precious_vars='build_alias
host_alias
@@ -1420,6 +1423,7 @@ Optional Features:
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-host-shared build host code as shared libraries
+ --enable-host-pie build host code as PIE
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -4169,7 +4173,7 @@ case "$host" in
case "$enable_cet" in
auto)
# Check if target supports multi-byte NOPs
- # and if assembler supports CET insn.
+ # and if compiler and assembler support CET insn.
cet_save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fcf-protection"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -10735,7 +10739,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10748 "configure"
+#line 10754 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10841,7 +10845,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10854 "configure"
+#line 10860 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -11524,15 +11528,31 @@ else
multilib_arg=
fi
+# Enable --enable-host-shared.
# Check whether --enable-host-shared was given.
if test "${enable_host_shared+set}" = set; then :
- enableval=$enable_host_shared; PICFLAG=-fPIC
+ enableval=$enable_host_shared;
+fi
+
+
+
+# Enable --enable-host-pie.
+# Check whether --enable-host-pie was given.
+if test "${enable_host_pie+set}" = set; then :
+ enableval=$enable_host_pie;
+fi
+
+
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
else
PICFLAG=
fi
-
ac_config_files="$ac_config_files Makefile"
cat >confcache <<\_ACEOF
diff --git a/zlib/configure.ac b/zlib/configure.ac
index be1cfe29651..adf7aad4e51 100644
--- a/zlib/configure.ac
+++ b/zlib/configure.ac
@@ -122,11 +122,26 @@ else
multilib_arg=
fi
+# Enable --enable-host-shared.
AC_ARG_ENABLE(host-shared,
[AS_HELP_STRING([--enable-host-shared],
- [build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
-AC_SUBST(PICFLAG)
+ [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+AC_SUBST(PICFLAG)
AC_CONFIG_FILES([Makefile])
AC_OUTPUT
base-commit: ee50b4383a0dca88172c3a821418344bd7391956
--
2.34.1