gcc.git/c++tools/configure, branch master Unnamed repository; edit this file 'description' to name the repository. c++tools: Don't check --enable-default-pie. 2025-06-02T06:47:29+00:00 Kito Cheng kito.cheng@sifive.com 2025-05-27T02:10:15+00:00 3f1f99ef82a65d66e3aaa429bf4fb746b93da0db `--enable-default-pie` is an option to specify whether to enable position-independent executables by default for `target`. However c++tools is build for `host`, so it should just follow `--enable-host-pie` option to determine whether to build with position-independent executables or not. NOTE: I checked PR 98324 and build with same configure option (`--enable-default-pie` and lto bootstrap) on x86-64 linux to make sure it won't cause same problem. c++tools/ChangeLog: * configure.ac: Don't check `--enable-default-pie`. * configure: Regen. 
`--enable-default-pie` is an option to specify whether to enable
position-independent executables by default for `target`.

However c++tools is build for `host`, so it should just follow
`--enable-host-pie` option to determine whether to build with
position-independent executables or not.

NOTE:

I checked PR 98324 and build with same configure option
(`--enable-default-pie` and lto bootstrap) on x86-64 linux to make sure
it won't cause same problem.

c++tools/ChangeLog:

	* configure.ac: Don't check `--enable-default-pie`.
	* configure: Regen.
Remove obsolete Solaris 11.3 support 2024-05-07T08:45:55+00:00 Rainer Orth ro@CeBiTec.Uni-Bielefeld.DE 2024-05-07T08:45:55+00:00 f68e90a0fe88c50ad6f4b15ba9e9503c710d3444 Support for Solaris 11.3 had already been obsoleted in GCC 13. However, since the only Solaris system in the cfarm was running 11.3, I've kept it in tree until now when both Solaris 11.4/SPARC and x86 systems have been added. This patch actually removes the Solaris 11.3 support. Apart from several minor simplifications, there are two more widespread changes: * In Solaris 11.4, libsocket and libnsl were folded into libc, so there's no longer a need to link them explictly. * Since Solaris 11.4, Solaris includes all crts needed by gcc (like crt1.o and gcrt1.o) with the base system. All workarounds to provide fallbacks can thus go. Bootstrapped without regressions on i386-pc-solaris2.11 and sparc-sun-solaris2.11 (as/ld, gas/ld, and gas/gld) as well as Solaris 11.3/x86 to ascertain that version is actually rejected. 2024-04-30 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE> c++tools: * configure.ac (ax_lib_socket_nsl.m4): Don't sinclude. (AX_LIB_SOCKET_NSL): Don't call. (NETLIBS): Remove. * configure: Regenerate. * Makefile.in (NETLIBS): Remove. (g++-mapper-server$(exeext)): Remove $(NETLIBS). gcc: * config.gcc: Move *-*-solaris2.11.[0-3]* to unsupported list. <*-*-solaris2*> (default_use_cxa_atexit): Set unconditionally. * configure.ac (AX_LIB_SOCKET_NSL): Don't call. (NETLIBS): Remove. (gcc_cv_ld_aligned_shf_merge): Remove. (hidden_linkonce) <i?86-*-solaris2* | x86_64-*-solaris2*>: Remove. (gcc_cv_target_dl_iterate_phdr) <*-*-solaris2*>: Always set to yes. * Makefile.in (NETLIBS): Remove. * configure, config.in, aclocal.m4: Regenerate. * config/sol2.h: Don't check HAVE_SOLARIS_CRTS. (STARTFILE_SPEC): Remove !HAVE_SOLARIS_CRTS case. [USE_GLD] (LINK_EH_SPEC): Remove TARGET_DL_ITERATE_PHDR guard. * config/i386/i386.cc (USE_HIDDEN_LINKONCE): Remove guard. * varasm.cc (mergeable_string_section): Remove HAVE_LD_ALIGNED_SHF_MERGE handling. (mergeable_constant_section): Likewise. * doc/install.texi (Specific,i?86-*-solaris2*): Reference Solaris 11.4 only. (Specific, *-*-solaris2*): Document Solaris 11.3 removal. Remove 11.3 references and caveats. Update for 11.4. gcc/cp: * Make-lang.in (cc1plus$(exeext)): Remove $(NETLIBS). gcc/objcp: * Make-lang.in (cc1objplus$(exeext)): Remove $(NETLIBS). gcc/testsuite: * lib/target-supports.exp (check_effective_target_pie): Always enable on *-*-solaris2*. libgcc: * configure.ac <*-*-solaris2*> (libgcc_cv_solaris_crts): Remove. * config.host <*-*-solaris2*>: Remove !libgcc_cv_solaris_crts support. * configure, config.in: Regenerate. * config/sol2/gmon.c (internal_mcount) [!HAVE_SOLARIS_CRTS]: Remove. * config/i386/sol2-c1.S, config/sparc/sol2-c1.S: Remove. * config/sol2/t-sol2 (crt1.o, gcrt1.o): Remove. libstdc++-v3: * testsuite/lib/dg-options.exp (add_options_for_net_ts) <*-*-solaris2*>: Don't link with -lsocket -lnsl. 
Support for Solaris 11.3 had already been obsoleted in GCC 13.  However,
since the only Solaris system in the cfarm was running 11.3, I've kept
it in tree until now when both Solaris 11.4/SPARC and x86 systems have
been added.

This patch actually removes the Solaris 11.3 support.  Apart from
several minor simplifications, there are two more widespread changes:

* In Solaris 11.4, libsocket and libnsl were folded into libc, so
  there's no longer a need to link them explictly.

* Since Solaris 11.4, Solaris includes all crts needed by gcc (like
  crt1.o and gcrt1.o) with the base system.  All workarounds to provide
  fallbacks can thus go.

Bootstrapped without regressions on i386-pc-solaris2.11 and
sparc-sun-solaris2.11 (as/ld, gas/ld, and gas/gld) as well as Solaris
11.3/x86 to ascertain that version is actually rejected.

2024-04-30  Rainer Orth  <ro@CeBiTec.Uni-Bielefeld.DE>

	c++tools:
	* configure.ac (ax_lib_socket_nsl.m4): Don't sinclude.
	(AX_LIB_SOCKET_NSL): Don't call.
	(NETLIBS): Remove.
	* configure: Regenerate.
	* Makefile.in (NETLIBS): Remove.
	(g++-mapper-server$(exeext)): Remove $(NETLIBS).

	gcc:
	* config.gcc: Move *-*-solaris2.11.[0-3]* to unsupported list.
	<*-*-solaris2*> (default_use_cxa_atexit): Set unconditionally.
	* configure.ac (AX_LIB_SOCKET_NSL): Don't call.
	(NETLIBS): Remove.
	(gcc_cv_ld_aligned_shf_merge): Remove.
	(hidden_linkonce) <i?86-*-solaris2* | x86_64-*-solaris2*>: Remove.
	(gcc_cv_target_dl_iterate_phdr) <*-*-solaris2*>: Always set to yes.
	* Makefile.in (NETLIBS): Remove.
	* configure, config.in, aclocal.m4: Regenerate.
	* config/sol2.h: Don't check HAVE_SOLARIS_CRTS.
	(STARTFILE_SPEC): Remove !HAVE_SOLARIS_CRTS case.
	[USE_GLD] (LINK_EH_SPEC): Remove TARGET_DL_ITERATE_PHDR guard.
	* config/i386/i386.cc (USE_HIDDEN_LINKONCE): Remove guard.
	* varasm.cc (mergeable_string_section): Remove
	HAVE_LD_ALIGNED_SHF_MERGE handling.
	(mergeable_constant_section): Likewise.

	* doc/install.texi (Specific,i?86-*-solaris2*): Reference Solaris
	11.4 only.
	(Specific, *-*-solaris2*): Document Solaris 11.3 removal.  Remove
	11.3 references and caveats.  Update for 11.4.

	gcc/cp:
	* Make-lang.in (cc1plus$(exeext)): Remove $(NETLIBS).

	gcc/objcp:
	* Make-lang.in (cc1objplus$(exeext)): Remove $(NETLIBS).

	gcc/testsuite:
	* lib/target-supports.exp (check_effective_target_pie): Always
	enable on *-*-solaris2*.

	libgcc:
	* configure.ac <*-*-solaris2*> (libgcc_cv_solaris_crts): Remove.
	* config.host <*-*-solaris2*>: Remove !libgcc_cv_solaris_crts
	support.
	* configure, config.in: Regenerate.
	* config/sol2/gmon.c (internal_mcount) [!HAVE_SOLARIS_CRTS]: Remove.
	* config/i386/sol2-c1.S, config/sparc/sol2-c1.S: Remove.
	* config/sol2/t-sol2 (crt1.o, gcrt1.o): Remove.

	libstdc++-v3:
	* testsuite/lib/dg-options.exp (add_options_for_net_ts)
	<*-*-solaris2*>: Don't link with -lsocket -lnsl.
configure: Implement --enable-host-bind-now 2023-06-22T17:43:32+00:00 Marek Polacek polacek@redhat.com 2023-06-22T15:30:01+00:00 33ebb0dff9bb022f1e0709e0e73faabfc3df7931 As promised in the --enable-host-pie patch, this patch adds another configure option, --enable-host-bind-now, which adds -z now when linking the compiler executables in order to extend hardening. BIND_NOW with RELRO allows the GOT to be marked RO; this prevents GOT modification attacks. This option does not affect linking of target libraries; you can use LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW. With this patch: $ readelf -Wd cc1{,plus,obj,gm2} f951 lto1 cpp rust1 gnat1 | grep FLAGS 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE 0x000000000000001e (FLAGS) BIND_NOW 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE c++tools/ChangeLog: * configure.ac (--enable-host-bind-now): New check. * configure: Regenerate. gcc/ChangeLog: * configure.ac (--enable-host-bind-now): New check. Add -Wl,-z,now to LD_PICFLAG if --enable-host-bind-now. * configure: Regenerate. * doc/install.texi: Document --enable-host-bind-now. lto-plugin/ChangeLog: * configure.ac (--enable-host-bind-now): New check. Link with -z,now. * configure: Regenerate. 
As promised in the --enable-host-pie patch, this patch adds another
configure option, --enable-host-bind-now, which adds -z now when linking
the compiler executables in order to extend hardening.  BIND_NOW with RELRO
allows the GOT to be marked RO; this prevents GOT modification attacks.

This option does not affect linking of target libraries; you can use
LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW.

With this patch:
$ readelf -Wd cc1{,plus,obj,gm2} f951 lto1 cpp  rust1 gnat1 | grep FLAGS
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE

c++tools/ChangeLog:

	* configure.ac (--enable-host-bind-now): New check.
	* configure: Regenerate.

gcc/ChangeLog:

	* configure.ac (--enable-host-bind-now): New check.  Add
	-Wl,-z,now to LD_PICFLAG if --enable-host-bind-now.
	* configure: Regenerate.
	* doc/install.texi: Document --enable-host-bind-now.

lto-plugin/ChangeLog:

	* configure.ac (--enable-host-bind-now): New check.  Link with
	-z,now.
	* configure: Regenerate.
configure: Implement --enable-host-pie 2023-06-15T20:51:27+00:00 Marek Polacek polacek@redhat.com 2023-05-03T21:06:13+00:00 b6cb10af12cf869c1ae348c0e5cb2d364ef0abce [ This is my third attempt to add this configure option. The first version was approved but it came too late in the development cycle. The second version was also approved, but I had to revert it: <https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>. I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to ALL_COMPILERFLAGS). Another change is that since r13-4536 I no longer need to touch Makefile.def, so this patch is simplified. ] This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. It is similar to the option --enable-host-shared, except that --e-h-s won't add -shared to the linker flags whereas --e-h-p will add -pie. It is different from --enable-default-pie because that option just adds an implicit -fPIE/-pie when the compiler is invoked, but the compiler itself isn't PIE. Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH regressions. When building the compiler, the build process may use various in-tree libraries; these need to be built with -fPIE so that it's possible to use them when building a PIE. For instance, when --with-included-gettext is in effect, intl object files must be compiled with -fPIE. Similarly, when building in-tree gmp, isl, mpfr and mpc, they must be compiled with -fPIE. With this patch and --enable-host-pie used to configure gcc: $ file gcc/cc1{,plus,obj,gm2} gcc/f951 gcc/lto1 gcc/cpp gcc/go1 gcc/rust1 gcc/gnat1 gcc/cc1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=98e22cde129d304aa6f33e61b1c39e144aeb135e, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=859d1ea37e43dfe50c18fd4e3dd9a34bb1db8f77, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cc1obj: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1964f8ecee6163182bc26134e2ac1f324816e434, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cc1gm2: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a396672c7ff913d21855829202e7b02ecf42ff4c, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/f951: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=59c523db893186547ac75c7a71f48be0a461c06b, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/lto1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=084a7b77df7be2d63c2d4c655b5bbc3fcdb6038d, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/cpp: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3503bf8390d219a10d6653b8560aa21158132168, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/go1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=988cc673af4fba5dcb482f4b34957b99050a68c5, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/rust1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b6a5d3d514446c4dcdee0707f086ab9b274a8a3c, for GNU/Linux 3.2.0, with debug_info, not stripped gcc/gnat1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=bb11ccdc2c366fe3fe0980476bcd8ca19b67f9dc, for GNU/Linux 3.2.0, with debug_info, not stripped I plan to add an option to link with -Wl,-z,now. Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext --enable-host-pie as well as without --enable-host-pie. Also tested on a Debian system where the system gcc was configured with --enable-default-pie. Co-Authored by: Iain Sandoe <iain@sandoe.co.uk> ChangeLog: * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. c++tools/ChangeLog: * Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it. Use pic/libiberty.a if PICFLAG is set. * configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG. (--enable-host-pie): New check. * configure: Regenerate. fixincludes/ChangeLog: * Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic" build of libiberty if PICFLAG is set. * configure.ac: * configure: Regenerate. gcc/ChangeLog: * Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie. Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. * doc/install.texi: Document --enable-host-pie. gcc/ada/ChangeLog: * gcc-interface/Make-lang.in (ALL_ADAFLAGS): Remove NO_PIE_CFLAGS. Add PICFLAG. Use PICFLAG when building ada/b_gnat1.o and ada/b_gnatb.o. * gcc-interface/Makefile.in: Use pic/libiberty.a if PICFLAG is set. Remove NO_PIE_FLAG. gcc/m2/ChangeLog: * Make-lang.in: New var, GM2_PICFLAGS. Use it. gcc/d/ChangeLog: * Make-lang.in: Remove NO_PIE_CFLAGS. intl/ChangeLog: * Makefile.in: Use @PICFLAG@ in COMPILE as well. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libcody/ChangeLog: * Makefile.in: Pass LD_PICFLAG to LDFLAGS. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. libcpp/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libdecnumber/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libiberty/ChangeLog: * configure.ac: Also set shared when enable_host_pie. * configure: Regenerate. zlib/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. 
[ This is my third attempt to add this configure option.  The first
version was approved but it came too late in the development cycle.
The second version was also approved, but I had to revert it:
<https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>.
I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to
ALL_COMPILERFLAGS).  Another change is that since r13-4536 I no longer
need to touch Makefile.def, so this patch is simplified. ]

This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE.  This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.

It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.

Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.

When building the compiler, the build process may use various in-tree
libraries; these need to be built with -fPIE so that it's possible to
use them when building a PIE.  For instance, when --with-included-gettext
is in effect, intl object files must be compiled with -fPIE.  Similarly,
when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
-fPIE.

With this patch and --enable-host-pie used to configure gcc:

$ file gcc/cc1{,plus,obj,gm2} gcc/f951 gcc/lto1 gcc/cpp gcc/go1 gcc/rust1 gcc/gnat1
gcc/cc1:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=98e22cde129d304aa6f33e61b1c39e144aeb135e, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=859d1ea37e43dfe50c18fd4e3dd9a34bb1db8f77, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1obj:  ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1964f8ecee6163182bc26134e2ac1f324816e434, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1gm2:  ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a396672c7ff913d21855829202e7b02ecf42ff4c, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/f951:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=59c523db893186547ac75c7a71f48be0a461c06b, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/lto1:    ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=084a7b77df7be2d63c2d4c655b5bbc3fcdb6038d, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cpp:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3503bf8390d219a10d6653b8560aa21158132168, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/go1:     ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=988cc673af4fba5dcb482f4b34957b99050a68c5, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/rust1:   ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b6a5d3d514446c4dcdee0707f086ab9b274a8a3c, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/gnat1:   ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=bb11ccdc2c366fe3fe0980476bcd8ca19b67f9dc, for GNU/Linux 3.2.0, with debug_info, not stripped

I plan to add an option to link with -Wl,-z,now.

Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext
--enable-host-pie as well as without --enable-host-pie.  Also tested
on a Debian system where the system gcc was configured with
--enable-default-pie.

Co-Authored by: Iain Sandoe  <iain@sandoe.co.uk>

ChangeLog:

	* configure.ac (--enable-host-pie): New check.  Set PICFLAG after this
	check.
	* configure: Regenerate.

c++tools/ChangeLog:

	* Makefile.in: Rename PIEFLAG to PICFLAG.  Set LD_PICFLAG.  Use it.
	Use pic/libiberty.a if PICFLAG is set.
	* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
	(--enable-host-pie): New check.
	* configure: Regenerate.

fixincludes/ChangeLog:

	* Makefile.in: Set and use PICFLAG and LD_PICFLAG.  Use the "pic"
	build of libiberty if PICFLAG is set.
	* configure.ac:
	* configure: Regenerate.

gcc/ChangeLog:

	* Makefile.in: Set LD_PICFLAG.  Use it.  Set enable_host_pie.
	Remove NO_PIE_CFLAGS and NO_PIE_FLAG.  Pass LD_PICFLAG to
	ALL_LINKERFLAGS.  Use the "pic" build of libiberty if --enable-host-pie.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
	check.
	* configure: Regenerate.
	* doc/install.texi: Document --enable-host-pie.

gcc/ada/ChangeLog:

	* gcc-interface/Make-lang.in (ALL_ADAFLAGS): Remove NO_PIE_CFLAGS.  Add
	PICFLAG.  Use PICFLAG when building ada/b_gnat1.o and ada/b_gnatb.o.
	* gcc-interface/Makefile.in: Use pic/libiberty.a if PICFLAG is set.
	Remove NO_PIE_FLAG.

gcc/m2/ChangeLog:

	* Make-lang.in: New var, GM2_PICFLAGS.  Use it.

gcc/d/ChangeLog:

	* Make-lang.in: Remove NO_PIE_CFLAGS.

intl/ChangeLog:

	* Makefile.in: Use @PICFLAG@ in COMPILE as well.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libcody/ChangeLog:

	* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
	check.
	* configure: Regenerate.

libcpp/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libdecnumber/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libiberty/ChangeLog:

	* configure.ac: Also set shared when enable_host_pie.
	* configure: Regenerate.

zlib/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.
Revert "configure: Implement --enable-host-pie" 2022-11-23T02:10:31+00:00 Marek Polacek polacek@redhat.com 2022-11-23T02:10:31+00:00 04711f5189a72c2fcaeed520d65582704adca042 This reverts commit 251c72a68af3a8b0638705b73ef120ffdf0053eb. 
This reverts commit 251c72a68af3a8b0638705b73ef120ffdf0053eb.
Revert "configure: Implement --enable-host-bind-now" 2022-11-23T02:10:19+00:00 Marek Polacek polacek@redhat.com 2022-11-23T02:10:19+00:00 30f399ee9318bcb44e3e2debde086303157a347d This reverts commit 258d7149f92f19380c9f7763618d62408c064e60. 
This reverts commit 258d7149f92f19380c9f7763618d62408c064e60.
configure: Implement --enable-host-bind-now 2022-11-23T01:47:49+00:00 Marek Polacek polacek@redhat.com 2022-11-23T01:46:46+00:00 258d7149f92f19380c9f7763618d62408c064e60 As promised in the --enable-host-pie patch, this patch adds another configure option, --enable-host-bind-now, which adds -z now when linking the compiler executables in order to extend hardening. BIND_NOW with RELRO allows the GOT to be marked RO; this prevents GOT modification attacks. This option does not affect linking of target libraries; you can use LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW. c++tools/ChangeLog: * configure.ac (--enable-host-bind-now): New check. * configure: Regenerate. gcc/ChangeLog: * configure.ac (--enable-host-bind-now): New check. Add -Wl,-z,now to LD_PICFLAG if --enable-host-bind-now. * configure: Regenerate. * doc/install.texi: Document --enable-host-bind-now. lto-plugin/ChangeLog: * configure.ac (--enable-host-bind-now): New check. Link with -z,now. * configure: Regenerate. 
As promised in the --enable-host-pie patch, this patch adds another
configure option, --enable-host-bind-now, which adds -z now when linking
the compiler executables in order to extend hardening.  BIND_NOW with RELRO
allows the GOT to be marked RO; this prevents GOT modification attacks.

This option does not affect linking of target libraries; you can use
LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW.

c++tools/ChangeLog:

	* configure.ac (--enable-host-bind-now): New check.
	* configure: Regenerate.

gcc/ChangeLog:

	* configure.ac (--enable-host-bind-now): New check.  Add
	-Wl,-z,now to LD_PICFLAG if --enable-host-bind-now.
	* configure: Regenerate.
	* doc/install.texi: Document --enable-host-bind-now.

lto-plugin/ChangeLog:

	* configure.ac (--enable-host-bind-now): New check.  Link with
	-z,now.
	* configure: Regenerate.
configure: Implement --enable-host-pie 2022-11-23T01:32:18+00:00 Marek Polacek polacek@redhat.com 2022-11-10T21:33:03+00:00 251c72a68af3a8b0638705b73ef120ffdf0053eb This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. It is similar to the option --enable-host-shared, except that --e-h-s won't add -shared to the linker flags whereas --e-h-p will add -pie. It is different from --enable-default-pie because that option just adds an implicit -fPIE/-pie when the compiler is invoked, but the compiler itself isn't PIE. Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH regressions. When building the compiler, the build process may use various in-tree libraries; these need to be built with -fPIE so that it's possible to use them when building a PIE. For instance, when --with-included-gettext is in effect, intl object files must be compiled with -fPIE. Similarly, when building in-tree gmp, isl, mpfr and mpc, they must be compiled with -fPIE. I plan to add an option to link with -Wl,-z,now. ChangeLog: * Makefile.def: Pass $(PICFLAG) to AM_CFLAGS for gmp, mpfr, mpc, and isl. * Makefile.in: Regenerate. * Makefile.tpl: Set PICFLAG. * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. c++tools/ChangeLog: * Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it. Use pic/libiberty.a if PICFLAG is set. * configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG. (--enable-host-pie): New check. * configure: Regenerate. fixincludes/ChangeLog: * Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic" build of libiberty if PICFLAG is set. * configure.ac: * configure: Regenerate. gcc/ChangeLog: * Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie. Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. * doc/install.texi: Document --enable-host-pie. gcc/d/ChangeLog: * Make-lang.in: Remove NO_PIE_CFLAGS. intl/ChangeLog: * Makefile.in: Use @PICFLAG@ in COMPILE as well. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libcody/ChangeLog: * Makefile.in: Pass LD_PICFLAG to LDFLAGS. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. libcpp/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libdecnumber/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libiberty/ChangeLog: * configure.ac: Also set shared when enable_host_pie. * configure: Regenerate. zlib/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. 
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE.  This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.

It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.

Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.

When building the compiler, the build process may use various in-tree
libraries; these need to be built with -fPIE so that it's possible to
use them when building a PIE.  For instance, when --with-included-gettext
is in effect, intl object files must be compiled with -fPIE.  Similarly,
when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
-fPIE.

I plan to add an option to link with -Wl,-z,now.

ChangeLog:

	* Makefile.def: Pass $(PICFLAG) to AM_CFLAGS for gmp, mpfr, mpc, and
	isl.
	* Makefile.in: Regenerate.
	* Makefile.tpl: Set PICFLAG.
	* configure.ac (--enable-host-pie): New check.  Set PICFLAG after this
	check.
	* configure: Regenerate.

c++tools/ChangeLog:

	* Makefile.in: Rename PIEFLAG to PICFLAG.  Set LD_PICFLAG.  Use it.
	Use pic/libiberty.a if PICFLAG is set.
	* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
	(--enable-host-pie): New check.
	* configure: Regenerate.

fixincludes/ChangeLog:

	* Makefile.in: Set and use PICFLAG and LD_PICFLAG.  Use the "pic"
	build of libiberty if PICFLAG is set.
	* configure.ac:
	* configure: Regenerate.

gcc/ChangeLog:

	* Makefile.in: Set LD_PICFLAG.  Use it.  Set enable_host_pie.
	Remove NO_PIE_CFLAGS and NO_PIE_FLAG.  Pass LD_PICFLAG to
	ALL_LINKERFLAGS.  Use the "pic" build of libiberty if --enable-host-pie.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
	check.
	* configure: Regenerate.
	* doc/install.texi: Document --enable-host-pie.

gcc/d/ChangeLog:

	* Make-lang.in: Remove NO_PIE_CFLAGS.

intl/ChangeLog:

	* Makefile.in: Use @PICFLAG@ in COMPILE as well.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libcody/ChangeLog:

	* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG and LD_PICFLAG after this
	check.
	* configure: Regenerate.

libcpp/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libdecnumber/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.

libiberty/ChangeLog:

	* configure.ac: Also set shared when enable_host_pie.
	* configure: Regenerate.

zlib/ChangeLog:

	* configure.ac (--enable-host-shared): Don't set PICFLAG here.
	(--enable-host-pie): New check.  Set PICFLAG after this check.
	* configure: Regenerate.
c++tools, configury: Configure with C++; test checking status [PR98821]. 2021-07-21T12:40:17+00:00 Iain Sandoe iain@sandoe.co.uk 2021-07-20T13:00:38+00:00 e4d306cf706eef83f99d510c308eda1539d05875 The c++tools configure fragments need to be built with a C++ compiler. In addition, the stand-alone server uses diagnostic mechanisms in common with GCC, but needs to define implementations for gcc_assert and supporting output functions. Signed-off-by: Iain Sandoe <iain@sandoe.co.uk> PR c++/98821 - modules : c++tools configures with CC but code fragments assume CXX. PR c++/98821 c++tools/ChangeLog: * config.h.in: Regenerate. * configure: Regenerate. * configure.ac: Configure using C++. Pull logic to detect enabled checking modes; default to release checking. * server.cc (AI_NUMERICSERV): Define a fallback value. (gcc_assert): New. (gcc_unreachable): New. (fancy_abort): Only build when checking is enabled. Co-authored-by: Jakub Jelinek <jakub@redhat.com> 
The c++tools configure fragments need to be built with a C++ compiler.

In addition, the stand-alone server uses diagnostic mechanisms in common
with GCC, but needs to define implementations for gcc_assert and
supporting output functions.

Signed-off-by: Iain Sandoe <iain@sandoe.co.uk>

PR c++/98821 - modules : c++tools configures with CC but code fragments assume CXX.

	PR c++/98821

c++tools/ChangeLog:

	* config.h.in: Regenerate.
	* configure: Regenerate.
	* configure.ac: Configure using C++.  Pull logic to
	detect enabled checking modes; default to release
	checking.
	* server.cc (AI_NUMERICSERV): Define a fallback value.
	(gcc_assert): New.
	(gcc_unreachable): New.
	(fancy_abort): Only build when checking is enabled.

Co-authored-by: Jakub Jelinek <jakub@redhat.com>
Fix typo and weird syntax in configure script 2021-05-25T10:13:15+00:00 Eric Botcazou ebotcazou@adacore.com 2021-05-25T10:12:08+00:00 4b1987f8ad382a6cd0e2df3a9882b65ce8122fba c++tools/ * configure.ac (--enable-maintainer-mode): Fix typo and weird syntax. * configure: Regenerate. 
c++tools/
	* configure.ac (--enable-maintainer-mode): Fix typo and weird syntax.
	* configure: Regenerate.