blob: ccdbee215d35880017f35a0a6edfab4cc854d4e4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
From 6186bcf1bcaaa0f16e79339e07c64c841d4d957d Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Fri, 2 Dec 2016 20:52:40 +0200
Subject: [PATCH] Enforce -no-pie, if the compiler supports it.
Add a -no-pie as recent (2 Dec 2016) Debian testing compiler
seems to default to enabling PIE when linking. See
https://wiki.ubuntu.com/SecurityTeam/PIE
Upstream-Status: Pending
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
acinclude.m4 | 2 +-
configure.ac | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/acinclude.m4 b/acinclude.m4
index 19200b0..a713923 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -416,7 +416,7 @@ int main() {
[# `$CC -c -o ...' might not be portable. But, oh, well... Is calling
# `ac_compile' like this correct, after all?
-if eval "$ac_compile -S -o conftest.s" 2> /dev/null; then]
+if eval "$ac_compile -S -o conftest.s" 2> /dev/null && eval "$CC -dumpspecs 2>/dev/null | grep -e no-pie" ; then]
AC_MSG_RESULT([yes])
[# Should we clear up other files as well, having called `AC_LANG_CONFTEST'?
rm -f conftest.s
diff --git a/configure.ac b/configure.ac
index df20991..506c6b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -603,7 +603,7 @@ grub_CHECK_PIE
[# Need that, because some distributions ship compilers that include
# `-fPIE' in the default specs.
if [ x"$pie_possible" = xyes ]; then
- TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE"
+ TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE -no-pie"
fi]
# Position independent executable.
--
2.10.2
|
