systemtap/rhbz1982908.patch

commit 04b43f48f1091bdc4bfdbabae86745547e539f8c
Author: Frank Ch. Eigler <fche@redhat.com>
Date:   Mon Jul 26 15:49:15 2021 -0400

    releng: ditch custom pie/ssp CFLAGS engine in configure.ac
    
    Just inherit the desired c*flags from autoconf via environment
    variables from the distro spec files.  This lets us automatically
    benefit from centralized hardening flags on some distros.  OTOH
    distros without that now will need to add such settings to the build
    scripts that invoke this configure script.

diff --git a/configure b/configure
index 3830ca898..55ff87330 100755
--- a/configure
+++ b/configure
@@ -904,8 +904,6 @@ with_libiconv_prefix
 with_libintl_prefix
 enable_prologues
 enable_sdt_probes
-enable_ssp
-enable_pie
 with_debuginfod
 enable_sqlite
 enable_translator
@@ -1609,8 +1607,6 @@ Optional Features:
   --disable-rpath         do not hardcode runtime library paths
   --enable-prologues      make -P prologue-searching default
   --disable-sdt-probes    disable process.mark probes in stap, staprun, stapio
-  --disable-ssp           disable gcc stack-protector
-  --enable-pie            enable position-independent-executable
   --enable-sqlite         build with sqlite support
   --disable-translator    build only runtime utilities
   --enable-crash[=DIRECTORY]
@@ -10269,82 +10265,6 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 fi
 
-# Check whether --enable-ssp was given.
-if test "${enable_ssp+set}" = set; then :
-  enableval=$enable_ssp;
-fi
-
-if test "x$enable_ssp" != xno; then :
-
-   save_CFLAGS="$CFLAGS"
-   save_CXXFLAGS="$CXXFLAGS"
-   CXXFLAGS="-Werror -fstack-protector-all -D_FORTIFY_SOURCE=2 $CXXFLAGS"
-   CFLAGS="-Werror -fstack-protector-all -D_FORTIFY_SOURCE=2 $CFLAGS"
-   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-int something ();
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-       { $as_echo "$as_me:${as_lineno-$LINENO}: Compiling with gcc -fstack-protector-all et al." >&5
-$as_echo "$as_me: Compiling with gcc -fstack-protector-all et al." >&6;}
-	CFLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2 $save_CFLAGS"
-	CXXFLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2 $save_CXXFLAGS"
-else
-
-       { $as_echo "$as_me:${as_lineno-$LINENO}: Compiler does not support -fstack-protector-all et al." >&5
-$as_echo "$as_me: Compiler does not support -fstack-protector-all et al." >&6;}
-       CFLAGS="$save_CFLAGS"
-       CXXFLAGS="$save_CXXFLAGS"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-
-
-# Compiling with fPIE by default (but see PR 9922)
-# Check whether --enable-pie was given.
-if test "${enable_pie+set}" = set; then :
-  enableval=$enable_pie;
-fi
-
-if test "x$enable_pie" != xno; then :
-
-   PIECFLAGS='-fPIE'
-   PIECXXFLAGS='-fPIE'
-   PIELDFLAGS='-pie -Wl,-z,relro -Wl,-z,now'
-   save_CFLAGS="$CFLAGS"
-   save_CXXFLAGS="$CXXFLAGS"
-   save_LDFLAGS="$LDFLAGS"
-   CFLAGS="$CFLAGS $PIECFLAGS"
-   CXXFLAGS="$CXXFLAGS $PIECXXFLAGS"
-   LDFLAGS="$LDFLAGS $PIELDFLAGS"
-   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-void main () {}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-
-       { $as_echo "$as_me:${as_lineno-$LINENO}: Compiling with gcc pie et al." >&5
-$as_echo "$as_me: Compiling with gcc pie et al." >&6;}
-
-else
-
-       { $as_echo "$as_me:${as_lineno-$LINENO}: Compiler does not support -pie et al." >&5
-$as_echo "$as_me: Compiler does not support -pie et al." >&6;}
-       PIECFLAGS=""
-       PIECXXFLAGS=""
-       PIELDFLAGS=""
-
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-   CFLAGS="$save_CFLAGS"
-   CXXFLAGS="$save_CXXFLAGS"
-   LDFLAGS="$save_LDFLAGS"
-
-fi
 
 
 
diff --git a/configure.ac b/configure.ac
index d4fd9e1b0..a88c20bff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -190,60 +190,8 @@ AS_IF([test "x$HAVE_CXX11" != x1],[
   AC_LANG_POP(C++)
   ])
 
-AC_ARG_ENABLE([ssp],
-  [AS_HELP_STRING([--disable-ssp], [disable gcc stack-protector])])
-AS_IF([test "x$enable_ssp" != xno],[
-   save_CFLAGS="$CFLAGS"
-   save_CXXFLAGS="$CXXFLAGS"
-   CXXFLAGS="-Werror -fstack-protector-all -D_FORTIFY_SOURCE=2 $CXXFLAGS"
-   CFLAGS="-Werror -fstack-protector-all -D_FORTIFY_SOURCE=2 $CFLAGS"
-   AC_COMPILE_IFELSE([AC_LANG_SOURCE([int something ();])], [
-       AC_MSG_NOTICE([Compiling with gcc -fstack-protector-all et al.])
-	CFLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2 $save_CFLAGS"
-	CXXFLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2 $save_CXXFLAGS"],[
-       AC_MSG_NOTICE([Compiler does not support -fstack-protector-all et al.])
-       CFLAGS="$save_CFLAGS"
-       CXXFLAGS="$save_CXXFLAGS"])])
-
-
-dnl Link with gold if possible
-dnl but: https://bugzilla.redhat.com/show_bug.cgi?id=636603
-dnl
-dnl AC_PATH_PROG(GOLD, [ld.gold], [no])
-dnl if test "x$GOLD" != "xno"
-dnl then
-dnl   mkdir -p Bdir
-dnl   ln -sf $GOLD Bdir/ld
-dnl   LDFLAGS="$LDFLAGS -B`pwd`/Bdir/"
-dnl   AC_MSG_NOTICE([using ld.gold to link])
-dnl fi
-
-
-# Compiling with fPIE by default (but see PR 9922)
-AC_ARG_ENABLE([pie],
-  [AS_HELP_STRING([--enable-pie], [enable position-independent-executable])])
-AS_IF([test "x$enable_pie" != xno],[
-   PIECFLAGS='-fPIE'
-   PIECXXFLAGS='-fPIE'
-   PIELDFLAGS='-pie -Wl,-z,relro -Wl,-z,now'
-   save_CFLAGS="$CFLAGS"
-   save_CXXFLAGS="$CXXFLAGS"
-   save_LDFLAGS="$LDFLAGS"
-   CFLAGS="$CFLAGS $PIECFLAGS"
-   CXXFLAGS="$CXXFLAGS $PIECXXFLAGS"
-   LDFLAGS="$LDFLAGS $PIELDFLAGS"
-   AC_LINK_IFELSE([AC_LANG_SOURCE([void main () {}])], [
-       AC_MSG_NOTICE([Compiling with gcc pie et al.])
-   ], [
-       AC_MSG_NOTICE([Compiler does not support -pie et al.])
-       PIECFLAGS=""
-       PIECXXFLAGS=""
-       PIELDFLAGS=""
-   ])
-   CFLAGS="$save_CFLAGS"
-   CXXFLAGS="$save_CXXFLAGS"
-   LDFLAGS="$save_LDFLAGS"
-])
+dnl Carry forward some empty PIE*FLAGS so we don't have to modify
+dnl all the Makefile.am's just now.
 AC_SUBST(PIELDFLAGS)
 AC_SUBST(PIECFLAGS)
 AC_SUBST(PIECXXFLAGS)
diff --git a/systemtap.spec b/systemtap.spec
index e5224e902..a2458b4b5 100644
--- a/systemtap.spec
+++ b/systemtap.spec
@@ -11,7 +11,6 @@
 %endif
 %{!?with_rpm: %global with_rpm 1}
 %{!?elfutils_version: %global elfutils_version 0.179}
-%{!?pie_supported: %global pie_supported 1}
 %{!?with_boost: %global with_boost 0}
 %ifarch %{ix86} x86_64 ppc ppc64 ppc64le aarch64
 %{!?with_dyninst: %global with_dyninst 0%{?fedora} >= 18 || 0%{?rhel} >= 7}
@@ -589,14 +588,6 @@ systemtap-runtime-virthost machine to execute systemtap scripts.
 %global docs_config --enable-docs=prebuilt
 %endif
 
-# Enable pie as configure defaults to disabling it
-%if %{pie_supported}
-%global pie_config --enable-pie
-%else
-%global pie_config --disable-pie
-%endif
-
-
 %if %{with_java}
 %global java_config --with-java=%{_jvmdir}/java
 %else
@@ -646,8 +637,8 @@ systemtap-runtime-virthost machine to execute systemtap scripts.
 # We don't ship compileworthy python code, just oddball samples
 %global py_auto_byte_compile 0
 
-%configure %{dyninst_config} %{sqlite_config} %{crash_config} %{docs_config} %{pie_config} %{rpm_config} %{java_config} %{virt_config} %{dracut_config} %{python3_config} %{python2_probes_config} %{python3_probes_config} %{httpd_config} %{bpf_config} %{debuginfod_config} --disable-silent-rules --with-extra-version="rpm %{version}-%{release}"
-make %{?_smp_mflags}
+%configure %{dyninst_config} %{sqlite_config} %{crash_config} %{docs_config} %{rpm_config} %{java_config} %{virt_config} %{dracut_config} %{python3_config} %{python2_probes_config} %{python3_probes_config} %{httpd_config} %{bpf_config} %{debuginfod_config} --disable-silent-rules --with-extra-version="rpm %{version}-%{release}"
+make %{?_smp_mflags} V=1
 
 
 %install