Index: kerberos5/tools/asn1_compile/Makefile =================================================================== --- kerberos5/tools/asn1_compile/Makefile +++ kerberos5/tools/asn1_compile/Makefile @@ -6,6 +6,7 @@ LIBADD= vers LDADD= ${LIBROKEN_A} DPADD= ${LIBROKEN_A} +MK_PIE:= no SRCS= \ asn1parse.y \ Index: kerberos5/tools/slc/Makefile =================================================================== --- kerberos5/tools/slc/Makefile +++ kerberos5/tools/slc/Makefile @@ -6,6 +6,7 @@ LDADD= ${LIBROKEN_A} DPADD= ${LIBROKEN_A} MAN= +MK_PIE:= no SRCS= roken.h \ slc-gram.y \ Index: share/mk/bsd.lib.mk =================================================================== --- share/mk/bsd.lib.mk +++ share/mk/bsd.lib.mk @@ -69,6 +69,14 @@ TAG_ARGS= -T ${TAGS:[*]:S/ /,/g} .endif +.if !defined(PICFLAG) +.if ${MACHINE_CPUARCH} == "sparc64" +PICFLAG=-fPIC +.else +PICFLAG=-fpic +.endif +.endif + # ELF hardening knobs .if ${MK_BIND_NOW} != "no" LDFLAGS+= -Wl,-znow @@ -93,14 +101,6 @@ # .nossppico used for NOSSP PIC object files .SUFFIXES: .out .o .bc .ll .po .pico .nossppico .S .asm .s .c .cc .cpp .cxx .C .f .y .l .ln -.if !defined(PICFLAG) -.if ${MACHINE_CPUARCH} == "sparc64" -PICFLAG=-fPIC -.else -PICFLAG=-fpic -.endif -.endif - PO_FLAG=-pg .c.po: @@ -245,13 +245,18 @@ CLEANFILES+= lib${LIB_PRIVATE}${LIB}.bc lib${LIB_PRIVATE}${LIB}.ll .endif +.endif + .if defined(SHLIB_NAME) || \ - defined(INSTALL_PIC_ARCHIVE) && defined(LIB) && !empty(LIB) + (defined(INSTALL_PIC_ARCHIVE) && defined(LIB) && !empty(LIB)) || \ + ((defined(INTERNALLIB) || defined (PRIVATELIB)) && ${MK_PIE} != "no") SOBJS+= ${OBJS:.o=.pico} DEPENDOBJS+= ${SOBJS} CLEANFILES+= ${SOBJS} .endif +.if !defined(INTERNALLIB) + .if defined(SHLIB_NAME) _LIBS+= ${SHLIB_NAME} @@ -308,8 +313,12 @@ ${OBJCOPY} --only-keep-debug ${SHLIB_NAME_FULL} ${.TARGET} .endif .endif #defined(SHLIB_NAME) +.endif # !defined(INTERNALLIB) -.if defined(INSTALL_PIC_ARCHIVE) && defined(LIB) && !empty(LIB) && ${MK_TOOLCHAIN} != "no" +.if defined(LIB) && !empty(LIB) && \ + (${MK_TOOLCHAIN} != "no" || ${MK_PIE} != "no") && \ + (defined(INSTALL_PIC_ARCHIVE) || \ + ((defined(INTERNALLIB) || defined (PRIVATELIB)) && ${MK_PIE} != "no")) _LIBS+= lib${LIB_PRIVATE}${LIB}_pic.a lib${LIB_PRIVATE}${LIB}_pic.a: ${SOBJS} @@ -332,7 +341,6 @@ ${RANLIB} ${RANLIBFLAGS} ${.TARGET} .endif -.endif # !defined(INTERNALLIB) .if defined(_SKIP_BUILD) all: Index: share/mk/bsd.opts.mk =================================================================== --- share/mk/bsd.opts.mk +++ share/mk/bsd.opts.mk @@ -73,6 +73,7 @@ CCACHE_BUILD \ CTF \ INSTALL_AS_USER \ + PIE \ RETPOLINE \ STALE_STAGED Index: share/mk/bsd.prog.mk =================================================================== --- share/mk/bsd.prog.mk +++ share/mk/bsd.prog.mk @@ -43,6 +43,11 @@ CXXFLAGS+= -mretpoline # retpolineplt is broken with static linking (PR 233336) .if !defined(NO_SHARED) || ${NO_SHARED} == "no" || ${NO_SHARED} == "NO" +.if ${MK_PIE} != "no" +CFLAGS+= -fPIE +CXXFLAGS+= -fPIE +LDFLAGS+= -pie +.endif LDFLAGS+= -Wl,-zretpolineplt .endif .endif Index: share/mk/src.libnames.mk =================================================================== --- share/mk/src.libnames.mk +++ share/mk/src.libnames.mk @@ -368,13 +368,19 @@ LIB${_l:tu}?= ${LIBDESTDIR}${LIBDIR_BASE}/libprivate${_l}.a .endfor +.if ${MK_PIE} != "no" +PIE_SUFFIX= _pic +.endif + .for _l in ${_LIBRARIES} .if ${_INTERNALLIBS:M${_l}} || !defined(SYSROOT) LDADD_${_l}_L+= -L${LIB${_l:tu}DIR} .endif DPADD_${_l}?= ${LIB${_l:tu}} .if ${_PRIVATELIBS:M${_l}} -LDADD_${_l}?= -lprivate${_l} +LDADD_${_l}?= -lprivate${_l}${PIE_SUFFIX} +.elif ${_INTERNALLIBS:M${_l}} +LDADD_${_l}?= ${LDADD_${_l}_L} -l${_l}${PIE_SUFFIX} .else LDADD_${_l}?= ${LDADD_${_l}_L} -l${_l} .endif @@ -418,69 +424,69 @@ # INTERNALLIB definitions. LIBELFTCDIR= ${OBJTOP}/lib/libelftc -LIBELFTC?= ${LIBELFTCDIR}/libelftc.a +LIBELFTC?= ${LIBELFTCDIR}/libelftc${PIE_SUFFIX}.a LIBPEDIR= ${OBJTOP}/lib/libpe -LIBPE?= ${LIBPEDIR}/libpe.a +LIBPE?= ${LIBPEDIR}/libpe${PIE_SUFFIX}.a LIBOPENBSDDIR= ${OBJTOP}/lib/libopenbsd -LIBOPENBSD?= ${LIBOPENBSDDIR}/libopenbsd.a +LIBOPENBSD?= ${LIBOPENBSDDIR}/libopenbsd${PIE_SUFFIX}.a LIBSMDIR= ${OBJTOP}/lib/libsm -LIBSM?= ${LIBSMDIR}/libsm.a +LIBSM?= ${LIBSMDIR}/libsm${PIE_SUFFIX}.a LIBSMDBDIR= ${OBJTOP}/lib/libsmdb -LIBSMDB?= ${LIBSMDBDIR}/libsmdb.a +LIBSMDB?= ${LIBSMDBDIR}/libsmdb${PIE_SUFFIX}.a LIBSMUTILDIR= ${OBJTOP}/lib/libsmutil -LIBSMUTIL?= ${LIBSMUTILDIR}/libsmutil.a +LIBSMUTIL?= ${LIBSMUTILDIR}/libsmutil${PIE_SUFFIX}.a LIBNETBSDDIR?= ${OBJTOP}/lib/libnetbsd -LIBNETBSD?= ${LIBNETBSDDIR}/libnetbsd.a +LIBNETBSD?= ${LIBNETBSDDIR}/libnetbsd${PIE_SUFFIX}.a LIBVERSDIR?= ${OBJTOP}/kerberos5/lib/libvers -LIBVERS?= ${LIBVERSDIR}/libvers.a +LIBVERS?= ${LIBVERSDIR}/libvers${PIE_SUFFIX}.a LIBSLDIR= ${OBJTOP}/kerberos5/lib/libsl -LIBSL?= ${LIBSLDIR}/libsl.a +LIBSL?= ${LIBSLDIR}/libsl${PIE_SUFFIX}.a LIBIPFDIR= ${OBJTOP}/sbin/ipf/libipf -LIBIPF?= ${LIBIPFDIR}/libipf.a +LIBIPF?= ${LIBIPFDIR}/libipf${PIE_SUFFIX}.a LIBTELNETDIR= ${OBJTOP}/lib/libtelnet -LIBTELNET?= ${LIBTELNETDIR}/libtelnet.a +LIBTELNET?= ${LIBTELNETDIR}/libtelnet${PIE_SUFFIX}.a LIBCRONDIR= ${OBJTOP}/usr.sbin/cron/lib -LIBCRON?= ${LIBCRONDIR}/libcron.a +LIBCRON?= ${LIBCRONDIR}/libcron${PIE_SUFFIX}.a LIBNTPDIR= ${OBJTOP}/usr.sbin/ntp/libntp -LIBNTP?= ${LIBNTPDIR}/libntp.a +LIBNTP?= ${LIBNTPDIR}/libntp${PIE_SUFFIX}.a LIBNTPEVENTDIR= ${OBJTOP}/usr.sbin/ntp/libntpevent -LIBNTPEVENT?= ${LIBNTPEVENTDIR}/libntpevent.a +LIBNTPEVENT?= ${LIBNTPEVENTDIR}/libntpevent${PIE_SUFFIX}.a LIBOPTSDIR= ${OBJTOP}/usr.sbin/ntp/libopts -LIBOPTS?= ${LIBOPTSDIR}/libopts.a +LIBOPTS?= ${LIBOPTSDIR}/libopts${PIE_SUFFIX}.a LIBPARSEDIR= ${OBJTOP}/usr.sbin/ntp/libparse -LIBPARSE?= ${LIBPARSEDIR}/libparse.a +LIBPARSE?= ${LIBPARSEDIR}/libparse${PIE_SUFFIX}.a LIBLPRDIR= ${OBJTOP}/usr.sbin/lpr/common_source -LIBLPR?= ${LIBLPRDIR}/liblpr.a +LIBLPR?= ${LIBLPRDIR}/liblpr${PIE_SUFFIX}.a LIBFIFOLOGDIR= ${OBJTOP}/usr.sbin/fifolog/lib -LIBFIFOLOG?= ${LIBFIFOLOGDIR}/libfifolog.a +LIBFIFOLOG?= ${LIBFIFOLOGDIR}/libfifolog${PIE_SUFFIX}.a LIBBSNMPTOOLSDIR= ${OBJTOP}/usr.sbin/bsnmpd/tools/libbsnmptools -LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools.a +LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools${PIE_SUFFIX}.a LIBAMUDIR= ${OBJTOP}/usr.sbin/amd/libamu -LIBAMU?= ${LIBAMUDIR}/libamu.a +LIBAMU?= ${LIBAMUDIR}/libamu${PIE_SUFFIX}.a -LIBBE?= ${LIBBEDIR}/libbe.a +LIBBE?= ${LIBBEDIR}/libbe${PIE_SUFFIX}.a LIBPMCSTATDIR= ${OBJTOP}/lib/libpmcstat -LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat.a +LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat${PIE_SUFFIX}.a LIBC_NOSSP_PICDIR= ${OBJTOP}/lib/libc LIBC_NOSSP_PIC?= ${LIBC_NOSSP_PICDIR}/libc_nossp_pic.a Index: stand/i386/Makefile.inc =================================================================== --- stand/i386/Makefile.inc +++ stand/i386/Makefile.inc @@ -7,6 +7,7 @@ LOADER_ADDRESS?=0x200000 LDFLAGS+= -nostdlib LDFLAGS.lld+= -Wl,--no-rosegment +MK_PIE:= no # BTX components BTXDIR= ${BOOTOBJ}/i386/btx Index: tools/build/options/WITHOUT_PIE =================================================================== --- /dev/null +++ tools/build/options/WITHOUT_PIE @@ -0,0 +1,3 @@ +.\" $FreeBSD$ +Do not build dynamically linked binaries as +Position-Independent Executable (PIE). Index: tools/build/options/WITH_PIE =================================================================== --- /dev/null +++ tools/build/options/WITH_PIE @@ -0,0 +1,3 @@ +.\" $FreeBSD$ +Build dynamically linked binaries as +Position-Independent Executable (PIE).