From e103bdf4b005d2a6ef36e9ec67a422dee0cb8bf0 Mon Sep 17 00:00:00 2001
From: Michael Rash <mbr@cipherdyne.org>
Date: Tue, 30 Oct 2012 21:40:21 -0400
Subject: [PATCH] Updated build CFLAGS and LDFLAGS for PIE support similar to
 Debian hardening-includes

The Debian hardening-includes package sets CFLAGS and LDFLAGS as follows for PIE support:

_HARDENED_PIE_CFLAGS  := -fPIE
_HARDENED_PIE_LDFLAGS := -fPIE -pie

The configure.ac file has been updated to conform to the above.
---
 ChangeLog    | 3 +++
 configure.ac | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 2e33e2c3..7166d922 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -49,6 +49,9 @@ fwknop-2.0.4 (11//2012):
       icmp') mode.
     - [client] Updated default TTL value to 64 for spoofed SPA packets.  This
       is closer to more OS default TTL values than the previous 255.
+    - Updated build CFLAGS and LDFLAGS to conform to the Debian
+      hardening-includes file for PIE support (e.g. '-fPIE' for CFLAGS and
+      '-fPIE -pie' for LDFLAGS).
 
 fwknop-2.0.3 (09/03/2012):
     - [server] Fernando Arnaboldi from IOActive found several DoS/code
diff --git a/configure.ac b/configure.ac
index 1a90a175..8defe0d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -163,7 +163,8 @@ AC_ARG_ENABLE([pie],
   [])
 
 if test "x$use_pie" = "xyes"; then
-    FKO_CHECK_COMPILER_ARG([-fPIE -pie])
+    FKO_CHECK_COMPILER_ARG([-fPIE])
+    FKO_CHECK_COMPILER_ARG_LDFLAGS_ONLY([-pie])
 fi
 
 dnl Decide whether or not to enable -D_FORTIFY_SOURCE support