net-proxy/torsocks/files/avoid-pie-static.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

We need to avoid tests which have -static and -pie together.

See https://bugs.gentoo.org/show_bug.cgi?id=533862

diff -Naur torsocks-2.0.0.orig/configure.ac torsocks-2.0.0/configure.ac
--- torsocks-2.0.0.orig/configure.ac	2014-08-11 12:44:46.000000000 -0400
+++ torsocks-2.0.0/configure.ac	2015-01-11 12:00:21.174826622 -0500
@@ -144,24 +144,6 @@
 # Version information for libtorsocks
 TORSOCKSLDFLAGS="$LDFLAGS -version-info 1:0:0"
 
-# Check for the gcc hardening flags.
-AX_CHECK_COMPILE_FLAG([-fPIE],[CFLAGS="$CFLAGS -fPIE"],[],[])
-AX_CHECK_COMPILE_FLAG([-fwrapv],[CFLAGS="$CFLAGS -fwrapv"],[],[])
-AX_CHECK_COMPILE_FLAG([--param ssp-buffer-size=1],
-	[CFLAGS="$CFLAGS --param ssp-buffer-size=1"],[],[])
-AX_CHECK_COMPILE_FLAG([-fstack-protector-all],
-	[CFLAGS="$CFLAGS -fstack-protector-all"],[],[]
-)
-AX_CHECK_COMPILE_FLAG([-fno-strict-overflow],
-	[CFLAGS="$CFLAGS -fno-strict-overflow"],[],[]
-)
-
-dnl Add hardening linker flags
-AX_CHECK_LINK_FLAG([-pie],[LDFLAGS="$LDFLAGS -pie"],[],[])
-AX_CHECK_LINK_FLAG([-z relro],[LDFLAGS="$LDFLAGS -z relro"],[],[])
-AX_CHECK_LINK_FLAG([-z now],[LDFLAGS="$LDFLAGS -z now"],[],[])
-LDFLAGS="$LDFLAGS -D_FORTIFY_SOURCE=2"
-
 dnl Linker checks for Mac OSX, which uses DYLD_INSERT_LIBRARIES
 dnl instead of LD_PRELOAD
 case "$host_os" in
@@ -255,6 +237,34 @@
 DEFAULT_INCLUDES="-I\$(top_srcdir) -I\$(top_builddir) -I\$(top_builddir)/src -I\$(top_builddir)/include -include config.h"
 AC_SUBST(DEFAULT_INCLUDES)
 
+##############################################################################
+# 9. Test and add hardening flags
+##############################################################################
+
+# Check for the gcc hardening flags.
+AX_CHECK_COMPILE_FLAG([-fPIE],[CFLAGS="$CFLAGS -fPIE"],[],[])
+AX_CHECK_COMPILE_FLAG([-fwrapv],[CFLAGS="$CFLAGS -fwrapv"],[],[])
+AX_CHECK_COMPILE_FLAG([--param ssp-buffer-size=1],
+	[CFLAGS="$CFLAGS --param ssp-buffer-size=1"],[],[])
+AX_CHECK_COMPILE_FLAG([-fstack-protector-all],
+	[CFLAGS="$CFLAGS -fstack-protector-all"],[],[]
+)
+AX_CHECK_COMPILE_FLAG([-fno-strict-overflow],
+	[CFLAGS="$CFLAGS -fno-strict-overflow"],[],[]
+)
+
+dnl Add hardening linker flags
+AX_CHECK_LINK_FLAG([-pie],[LDFLAGS="$LDFLAGS -pie"],[],[])
+AX_CHECK_LINK_FLAG([-z relro],[LDFLAGS="$LDFLAGS -z relro"],[],[])
+AX_CHECK_LINK_FLAG([-z now],[LDFLAGS="$LDFLAGS -z now"],[],[])
+
+dnl Add glibc hardening
+CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+
+##############################################################################
+# 10. Finish up
+##############################################################################
+
 AC_CONFIG_FILES([
 	Makefile
 	extras/Makefile