Use hardened linker flags if available

This commit reuse several macros from libvirt to test for
support for "-Wl,-z -Wl,relro", "-Wl,-z -Wl,now" and
"-Wl,--no-copy-dt-needed-entries", and use them if available.

configure.ac

@@ -434,6 +434,8 @@ dnl ===========================================================================
 dnl check compiler flags
 
 SPICE_COMPILE_WARNINGS
+LIBVIRT_LINKER_RELRO
+LIBVIRT_LINKER_NO_INDIRECT
 
 # use ximage.h for win32 build if it is found (no package for mingw32 atm)
 if test $os_win32 == "yes" ; then

m4/virt-linker-no-indirect.m4

@@ -0,0 +1,32 @@
+dnl
+dnl Check for --no-copy-dt-needed-entries
+dnl
+dnl Copyright (C) 2013 Guido Günther <agx@sigxcpu.org>
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library.  If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_LINKER_NO_INDIRECT],[
+    AC_MSG_CHECKING([for how to avoid indirect lib deps])
+
+    NO_INDIRECT_LDFLAGS=
+    case `$LD --help 2>&1` in
+        *"--no-copy-dt-needed-entries"*)
+		NO_INDIRECT_LDFLAGS="-Wl,--no-copy-dt-needed-entries" ;;
+    esac
+    AC_SUBST([NO_INDIRECT_LDFLAGS])
+
+    AC_MSG_RESULT([$NO_INDIRECT_LDFLAGS])
+])

m4/virt-linker-relro.m4

@@ -0,0 +1,35 @@
+dnl
+dnl Check for -z now and -z relro linker flags
+dnl
+dnl Copyright (C) 2013 Red Hat, Inc.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library.  If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_LINKER_RELRO],[
+    AC_MSG_CHECKING([for how to force completely read-only GOT table])
+
+    RELRO_LDFLAGS=
+    ld_help=`$LD --help 2>&1`
+    case $ld_help in
+        *"-z relro"*) RELRO_LDFLAGS="-Wl,-z -Wl,relro" ;;
+    esac
+    case $ld_help in
+        *"-z now"*) RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" ;;
+    esac
+    AC_SUBST([RELRO_LDFLAGS])
+
+    AC_MSG_RESULT([$RELRO_LDFLAGS])
+])

server/Makefile.am

@@ -21,6 +21,8 @@ lib_LTLIBRARIES = libspice-server.la
 libspice_server_la_LDFLAGS =			\
 	-version-info $(SPICE_LT_VERSION)	\
 	-no-undefined				\
+	$(RELRO_LDFLAGS)			\
+	$(NO_INDIRECT_LDFLAGS)			\
 	$(NULL)
 
 if HAVE_LD_VERSION_SCRIPT