configure.ac: use executable hardening where available

Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". Signed-off-by: Jim Barlow <jim@purplerock.ca>
author: Jim Barlow <jim@purplerock.ca> 2014-12-23 05:24:24 -0800
committer: Jim Barlow <jim@purplerock.ca> 2014-12-23 05:24:24 -0800
commit: a6c072343a8d0beb232b3dc71cf0f5db81fa6629 (patch)
tree: 2356dc497f100b2e82dbc2846079a8b9f72ecfa7
parent: 164f684eb8e4ebe31d0f9d0603dc25533fa43c5b (diff)
download: portable-a6c072343a8d0beb232b3dc71cf0f5db81fa6629.tar.gz
portable-a6c072343a8d0beb232b3dc71cf0f5db81fa6629.tar.bz2
portable-a6c072343a8d0beb232b3dc71cf0f5db81fa6629.zip
3 files changed, 209 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 9174a64..3d93d12 100644
--- a/configure.ac
+++ b/configure.ac
@@ -74,6 +74,68 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
 )
 AC_MSG_RESULT([CLANG])
+# We want to check for compiler flag support, but there is no way to make
+# clang's "argument unused" warning fatal.  So we invoke the compiler through a
+# wrapper script that greps for this message.
+saved_CC="$CC"
+saved_LD="$LD"
+flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
+CC="$flag_wrap $CC"
+LD="$flag_wrap $LD"
+AC_DEFUN([check_cflag],
+        [AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])])
+AC_DEFUN([check_ldflag],
+        [AX_CHECK_LINK_FLAG([$1], [$2], [$3], [-Werror $4])])
+AC_ARG_ENABLE([hardening],
+        [AS_HELP_STRING([--disable-hardening], [Disable options to frustrate memory corruption exploits])],
+        [],
+        [enable_hardening=yes])
+HARDEN_CFLAGS=""
+HARDEN_LDFLAGS=""
+AS_IF([test "x$enable_hardening" == "xyes"], [
+        # Tell GCC to NOT optimize based on signed arithmetic overflow
+        check_cflag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
+        # _FORTIFY_SOURCE replaces builtin functions with safer versions.
+        check_cflag([-D_FORTIFY_SOURCE=2], 
+                [HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
+        # Use stack-protector-strong if available; if not, fallback to stack-protector-all which
+        # is considered to be overkill
+        check_cflag([-fstack-protector-strong], 
+                [STACK_PROTECT="-fstack-protector-strong"],
+                check_cflag([-fstack-protector-all],
+                        [STACK_PROTECT="-fstack-protector-all"],
+                        [AC_MSG_ERROR([compiler does not support stack protection - use --disable-hardening to override if you understand the risks])]
+                )
+        )
+        check_ldflag([$STACK_PROTECT],
+                [HARDEN_CFLAGS="$HARDEN_CFLAGS $STACK_PROTECT"
+                 check_cflag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
+                        [], [$STACK_PROTECT])
+                ],
+                [AC_MSG_ERROR([compiler supports stack protection but linker does not])]
+        )
+        # Enable read only relocations
+        check_ldflag([-Wl,-z,relro],
+                [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,relro"
+        check_ldflag([-Wl,-z,now], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,now"])])
+])
+# Restore CC, LD
+CC="$saved_CC"
+LD="$saved_LD"
+CFLAGS="$CFLAGS $HARDEN_CFLAGS"
+LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
+# Removing the dependency on -Wno-pointer-sign should be a goal
 save_cflags="$CFLAGS"
 CFLAGS=-Wno-pointer-sign
 AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4
new file mode 100644
index 0000000..51df0c0
--- /dev/null
+++ b/m4/ax_check_compile_flag.m4
@@ -0,0 +1,74 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+#serial 3
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
diff --git a/m4/ax_check_link_flag.m4 b/m4/ax_check_link_flag.m4
new file mode 100644
index 0000000..db899dd
--- /dev/null
+++ b/m4/ax_check_link_flag.m4
@@ -0,0 +1,73 @@
+# ===========================================================================
+#    http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the linker or gives an error.
+#   (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the linker's default flags
+#   when the check is done.  The check is thus made with the flags: "LDFLAGS
+#   EXTRA-FLAGS FLAG".  This can for example be used to force the linker to
+#   issue an error when a bad flag is given.
+#
+#   INPUT gives an alternative input source to AC_LINK_IFELSE.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+#serial 3
+AC_DEFUN([AX_CHECK_LINK_FLAG],
+[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
+AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
+  ax_check_save_flags=$LDFLAGS
+  LDFLAGS="$LDFLAGS $4 $1"
+  AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  LDFLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_LINK_FLAGS
author	Jim Barlow <jim@purplerock.ca>	2014-12-23 05:24:24 -0800
committer	Jim Barlow <jim@purplerock.ca>	2014-12-23 05:24:24 -0800
commit	a6c072343a8d0beb232b3dc71cf0f5db81fa6629 (patch)
tree	2356dc497f100b2e82dbc2846079a8b9f72ecfa7
parent	164f684eb8e4ebe31d0f9d0603dc25533fa43c5b (diff)
download	portable-a6c072343a8d0beb232b3dc71cf0f5db81fa6629.tar.gz portable-a6c072343a8d0beb232b3dc71cf0f5db81fa6629.tar.bz2 portable-a6c072343a8d0beb232b3dc71cf0f5db81fa6629.zip

diff --git a/configure.ac b/configure.ac index 9174a64..3d93d12 100644 --- a/configure.ac +++ b/configure.ac
@@ -74,6 +74,68 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
74	)	74	)
75	AC_MSG_RESULT([CLANG])	75	AC_MSG_RESULT([CLANG])
76		76
		77	# We want to check for compiler flag support, but there is no way to make
		78	# clang's "argument unused" warning fatal. So we invoke the compiler through a
		79	# wrapper script that greps for this message.
		80	saved_CC="$CC"
		81	saved_LD="$LD"
		82	flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
		83	CC="$flag_wrap $CC"
		84	LD="$flag_wrap $LD"
		85
		86	AC_DEFUN([check_cflag],
		87	[AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])])
		88	AC_DEFUN([check_ldflag],
		89	[AX_CHECK_LINK_FLAG([$1], [$2], [$3], [-Werror $4])])
		90
		91
		92	AC_ARG_ENABLE([hardening],
		93	[AS_HELP_STRING([--disable-hardening], [Disable options to frustrate memory corruption exploits])],
		94	[],
		95	[enable_hardening=yes])
		96
		97	HARDEN_CFLAGS=""
		98	HARDEN_LDFLAGS=""
		99	AS_IF([test "x$enable_hardening" == "xyes"], [
		100	# Tell GCC to NOT optimize based on signed arithmetic overflow
		101	check_cflag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
		102
		103	# _FORTIFY_SOURCE replaces builtin functions with safer versions.
		104	check_cflag([-D_FORTIFY_SOURCE=2],
		105	[HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
		106
		107	# Use stack-protector-strong if available; if not, fallback to stack-protector-all which
		108	# is considered to be overkill
		109	check_cflag([-fstack-protector-strong],
		110	[STACK_PROTECT="-fstack-protector-strong"],
		111	check_cflag([-fstack-protector-all],
		112	[STACK_PROTECT="-fstack-protector-all"],
		113	[AC_MSG_ERROR([compiler does not support stack protection - use --disable-hardening to override if you understand the risks])]
		114	)
		115	)
		116
		117	check_ldflag([$STACK_PROTECT],
		118	[HARDEN_CFLAGS="$HARDEN_CFLAGS $STACK_PROTECT"
		119	check_cflag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
		120	[], [$STACK_PROTECT])
		121	],
		122	[AC_MSG_ERROR([compiler supports stack protection but linker does not])]
		123	)
		124
		125	# Enable read only relocations
		126	check_ldflag([-Wl,-z,relro],
		127	[HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,relro"
		128	check_ldflag([-Wl,-z,now], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,now"])])
		129	])
		130
		131	# Restore CC, LD
		132	CC="$saved_CC"
		133	LD="$saved_LD"
		134
		135	CFLAGS="$CFLAGS $HARDEN_CFLAGS"
		136	LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
		137
		138	# Removing the dependency on -Wno-pointer-sign should be a goal
77	save_cflags="$CFLAGS"	139	save_cflags="$CFLAGS"
78	CFLAGS=-Wno-pointer-sign	140	CFLAGS=-Wno-pointer-sign
79	AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])	141	AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])


diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 new file mode 100644 index 0000000..51df0c0 --- /dev/null +++ b/m4/ax_check_compile_flag.m4
@@ -0,0 +1,74 @@
		1	# ===========================================================================
		2	# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
		3	# ===========================================================================
		4	#
		5	# SYNOPSIS
		6	#
		7	# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
		8	#
		9	# DESCRIPTION
		10	#
		11	# Check whether the given FLAG works with the current language's compiler
		12	# or gives an error. (Warnings, however, are ignored)
		13	#
		14	# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
		15	# success/failure.
		16	#
		17	# If EXTRA-FLAGS is defined, it is added to the current language's default
		18	# flags (e.g. CFLAGS) when the check is done. The check is thus made with
		19	# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
		20	# force the compiler to issue an error when a bad flag is given.
		21	#
		22	# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
		23	#
		24	# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
		25	# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
		26	#
		27	# LICENSE
		28	#
		29	# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
		30	# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
		31	#
		32	# This program is free software: you can redistribute it and/or modify it
		33	# under the terms of the GNU General Public License as published by the
		34	# Free Software Foundation, either version 3 of the License, or (at your
		35	# option) any later version.
		36	#
		37	# This program is distributed in the hope that it will be useful, but
		38	# WITHOUT ANY WARRANTY; without even the implied warranty of
		39	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
		40	# Public License for more details.
		41	#
		42	# You should have received a copy of the GNU General Public License along
		43	# with this program. If not, see <http://www.gnu.org/licenses/>.
		44	#
		45	# As a special exception, the respective Autoconf Macro's copyright owner
		46	# gives unlimited permission to copy, distribute and modify the configure
		47	# scripts that are the output of Autoconf when processing the Macro. You
		48	# need not follow the terms of the GNU General Public License when using
		49	# or distributing such scripts, even though portions of the text of the
		50	# Macro appear in them. The GNU General Public License (GPL) does govern
		51	# all other use of the material that constitutes the Autoconf Macro.
		52	#
		53	# This special exception to the GPL applies to versions of the Autoconf
		54	# Macro released by the Autoconf Archive. When you make and distribute a
		55	# modified version of the Autoconf Macro, you may extend this special
		56	# exception to the GPL to apply to your modified version as well.
		57
		58	#serial 3
		59
		60	AC_DEFUN([AX_CHECK_COMPILE_FLAG],
		61	[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
		62	AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
		63	AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
		64	ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
		65	_AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
		66	AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
		67	[AS_VAR_SET(CACHEVAR,[yes])],
		68	[AS_VAR_SET(CACHEVAR,[no])])
		69	_AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
		70	AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
		71	[m4_default([$2], :)],
		72	[m4_default([$3], :)])
		73	AS_VAR_POPDEF([CACHEVAR])dnl
		74	])dnl AX_CHECK_COMPILE_FLAGS


diff --git a/m4/ax_check_link_flag.m4 b/m4/ax_check_link_flag.m4 new file mode 100644 index 0000000..db899dd --- /dev/null +++ b/m4/ax_check_link_flag.m4
@@ -0,0 +1,73 @@
		1	# ===========================================================================
		2	# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
		3	# ===========================================================================
		4	#
		5	# SYNOPSIS
		6	#
		7	# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
		8	#
		9	# DESCRIPTION
		10	#
		11	# Check whether the given FLAG works with the linker or gives an error.
		12	# (Warnings, however, are ignored)
		13	#
		14	# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
		15	# success/failure.
		16	#
		17	# If EXTRA-FLAGS is defined, it is added to the linker's default flags
		18	# when the check is done. The check is thus made with the flags: "LDFLAGS
		19	# EXTRA-FLAGS FLAG". This can for example be used to force the linker to
		20	# issue an error when a bad flag is given.
		21	#
		22	# INPUT gives an alternative input source to AC_LINK_IFELSE.
		23	#
		24	# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
		25	# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
		26	#
		27	# LICENSE
		28	#
		29	# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
		30	# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
		31	#
		32	# This program is free software: you can redistribute it and/or modify it
		33	# under the terms of the GNU General Public License as published by the
		34	# Free Software Foundation, either version 3 of the License, or (at your
		35	# option) any later version.
		36	#
		37	# This program is distributed in the hope that it will be useful, but
		38	# WITHOUT ANY WARRANTY; without even the implied warranty of
		39	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
		40	# Public License for more details.
		41	#
		42	# You should have received a copy of the GNU General Public License along
		43	# with this program. If not, see <http://www.gnu.org/licenses/>.
		44	#
		45	# As a special exception, the respective Autoconf Macro's copyright owner
		46	# gives unlimited permission to copy, distribute and modify the configure
		47	# scripts that are the output of Autoconf when processing the Macro. You
		48	# need not follow the terms of the GNU General Public License when using
		49	# or distributing such scripts, even though portions of the text of the
		50	# Macro appear in them. The GNU General Public License (GPL) does govern
		51	# all other use of the material that constitutes the Autoconf Macro.
		52	#
		53	# This special exception to the GPL applies to versions of the Autoconf
		54	# Macro released by the Autoconf Archive. When you make and distribute a
		55	# modified version of the Autoconf Macro, you may extend this special
		56	# exception to the GPL to apply to your modified version as well.
		57
		58	#serial 3
		59
		60	AC_DEFUN([AX_CHECK_LINK_FLAG],
		61	[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
		62	AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
		63	ax_check_save_flags=$LDFLAGS
		64	LDFLAGS="$LDFLAGS $4 $1"
		65	AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
		66	[AS_VAR_SET(CACHEVAR,[yes])],
		67	[AS_VAR_SET(CACHEVAR,[no])])
		68	LDFLAGS=$ax_check_save_flags])
		69	AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
		70	[m4_default([$2], :)],
		71	[m4_default([$3], :)])
		72	AS_VAR_POPDEF([CACHEVAR])dnl
		73	])dnl AX_CHECK_LINK_FLAGS