# include <unistd.h>
#endif"
+ac_c_werror_flag=
ac_subst_vars='LTLIBOBJS
KRB5CONFIG
LIBOBJS
LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
fi
fi
-if test "$enable_hardening" != "no"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5
-$as_echo_n "checking whether C compiler accepts -fstack-protector... " >&6; }
-if ${ax_cv_check_cflags___fstack_protector+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
- ax_check_save_flags=$CFLAGS
- CFLAGS="$CFLAGS -fstack-protector"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ax_cv_check_cflags___fstack_protector=yes
-else
- ax_cv_check_cflags___fstack_protector=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- CFLAGS=$ax_check_save_flags
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector" >&5
-$as_echo "$ax_cv_check_cflags___fstack_protector" >&6; }
-if test x"$ax_cv_check_cflags___fstack_protector" = xyes; then :
- CFLAGS="${CFLAGS} -fstack-protector"
-else
- :
-fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5
-$as_echo_n "checking whether the linker accepts -fstack-protector... " >&6; }
-if ${ax_cv_check_ldflags___fstack_protector+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
- ax_check_save_flags=$LDFLAGS
- LDFLAGS="$LDFLAGS -fstack-protector"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ax_cv_check_ldflags___fstack_protector=yes
-else
- ax_cv_check_ldflags___fstack_protector=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$ax_check_save_flags
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector" >&5
-$as_echo "$ax_cv_check_ldflags___fstack_protector" >&6; }
-if test x"$ax_cv_check_ldflags___fstack_protector" = xyes; then :
- LDFLAGS="${LDFLAGS} -fstack-protector"
-else
- :
-fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5
-$as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; }
-if ${ax_cv_check_ldflags___Wl__z_relro+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
- ax_check_save_flags=$LDFLAGS
- LDFLAGS="$LDFLAGS -Wl,-z,relro"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ax_cv_check_ldflags___Wl__z_relro=yes
-else
- ax_cv_check_ldflags___Wl__z_relro=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$ax_check_save_flags
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5
-$as_echo "$ax_cv_check_ldflags___Wl__z_relro" >&6; }
-if test x"$ax_cv_check_ldflags___Wl__z_relro" = xyes; then :
- LDFLAGS="${LDFLAGS} -Wl,-z,relro"
-else
- :
-fi
-
-fi
for ac_prog in 'bison -y' byacc
do
$as_echo "$iolog_dir" >&6; }
+if test "$enable_hardening" != "no"; then
+
+ac_c_werror_flag=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5
+$as_echo_n "checking whether C compiler accepts -fstack-protector... " >&6; }
+if ${ax_cv_check_cflags___fstack_protector+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$CFLAGS
+ CFLAGS="$CFLAGS -fstack-protector"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ax_cv_check_cflags___fstack_protector=yes
+else
+ ax_cv_check_cflags___fstack_protector=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector" >&5
+$as_echo "$ax_cv_check_cflags___fstack_protector" >&6; }
+if test x"$ax_cv_check_cflags___fstack_protector" = xyes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5
+$as_echo_n "checking whether the linker accepts -fstack-protector... " >&6; }
+if ${ax_cv_check_ldflags___fstack_protector+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$LDFLAGS
+ LDFLAGS="$LDFLAGS -fstack-protector"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ax_cv_check_ldflags___fstack_protector=yes
+else
+ ax_cv_check_ldflags___fstack_protector=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector" >&5
+$as_echo "$ax_cv_check_ldflags___fstack_protector" >&6; }
+if test x"$ax_cv_check_ldflags___fstack_protector" = xyes; then :
+
+ CFLAGS="${CFLAGS} -fstack-protector"
+ LDFLAGS="${LDFLAGS} -fstack-protector"
+
+else
+ :
+fi
+
+
+else
+ :
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5
+$as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; }
+if ${ax_cv_check_ldflags___Wl__z_relro+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$LDFLAGS
+ LDFLAGS="$LDFLAGS -Wl,-z,relro"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ax_cv_check_ldflags___Wl__z_relro=yes
+else
+ ax_cv_check_ldflags___Wl__z_relro=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5
+$as_echo "$ax_cv_check_ldflags___Wl__z_relro" >&6; }
+if test x"$ax_cv_check_ldflags___Wl__z_relro" = xyes; then :
+ LDFLAGS="${LDFLAGS} -Wl,-z,relro"
+else
+ :
+fi
+
+fi
+
case "$with_passwd" in
yes|maybe)
AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
fi
fi
-dnl
-dnl Check for -fstack-protector and -z relro support
-dnl
-if test "$enable_hardening" != "no"; then
- AX_CHECK_COMPILE_FLAG([-fstack-protector], [CFLAGS="${CFLAGS} -fstack-protector"])
- AX_CHECK_LINK_FLAG([-fstack-protector], [LDFLAGS="${LDFLAGS} -fstack-protector"])
- AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
-fi
dnl
dnl Program checks
SUDO_TIMEDIR
SUDO_IO_LOGDIR
+dnl
+dnl Check for -fstack-protector and -z relro support
+dnl This must be towards the end as it turns warnings
+dnl into fatal errors (and there is no way to undo that)
+dnl
+if test "$enable_hardening" != "no"; then
+ AC_LANG_WERROR
+ AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+ AX_CHECK_LINK_FLAG([-fstack-protector], [
+ CFLAGS="${CFLAGS} -fstack-protector"
+ LDFLAGS="${LDFLAGS} -fstack-protector"
+ ])
+ ])
+ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
+fi
+
dnl
dnl Use passwd auth module?
dnl
projects / sudo / commitdiff