From 60b42421e900f9bb186c306a657f41b88e422bcd Mon Sep 17 00:00:00 2001
From: Marek Polacek <polacek@redhat.com>
Date: Mon, 7 Aug 2023 13:07:12 +0200
Subject: configure: Implement --enable-host-pie

This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE.  This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.

Co-Authored by: Iain Sandoe  <iain@sandoe.co.uk>

	* configure.ac (--enable-host-pie): New check.  Set PICFLAG after this
	check.

intl/
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.

libdecnumber/
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.

zlib/
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
---
 zlib/configure.ac | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'zlib')

diff --git a/zlib/configure.ac b/zlib/configure.ac
index ec73c21..b50b9c7 100644
--- a/zlib/configure.ac
+++ b/zlib/configure.ac
@@ -121,11 +121,26 @@ else
   multilib_arg=
 fi
 
+# Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
-AC_SUBST(PICFLAG)
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
 
+AC_SUBST(PICFLAG)
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT
-- 
cgit v1.1