From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] netpbm: Fix hardening
Date: Sun, 12 Mar 2023 09:27:06 +0100 [thread overview]
Message-ID: <20230312082706.86717-1-stefan.schantl@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2054 bytes --]
* Add some additional CFLAGS to workaround a gcc bug
with enabled SSP.
* Add patch to proper use our LDFLAGS when linking libnetpbm.
* Disable stripping the binaries during install.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
netpbm/netpbm.nm | 9 ++++++++-
netpbm/patches/netpbm-libnetpbm-use-ldflags.patch | 12 ++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
create mode 100644 netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
diff --git a/netpbm/netpbm.nm b/netpbm/netpbm.nm
index 49488e5fa..cbafb517c 100644
--- a/netpbm/netpbm.nm
+++ b/netpbm/netpbm.nm
@@ -5,7 +5,7 @@
name = netpbm
version = 10.73.42
-release = 1
+release = 2
groups = System/Libraries
url = https://netpbm.sourceforge.net/
@@ -37,6 +37,10 @@ build
perl(English)
end
+ CFLAGS += \
+ -fno-builtin-exit \
+ -D__noreturn__=
+
prepare_cmds
# Create config file.
cp -avf config.mk.in config.mk
@@ -58,6 +62,9 @@ build
echo 'JPEGHDR_DIR = %{includedir}' >> config.mk
echo 'PNGHDR_DIR = %{includedir}' >> config.mk
echo 'ZHDR_DIR = %{includedir}' >> config.mk
+
+ # Do not strip the binaries during install.
+ echo 'STRIPFLAG =' >> config.mk
end
build
diff --git a/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch b/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
new file mode 100644
index 000000000..21384cb26
--- /dev/null
+++ b/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
@@ -0,0 +1,12 @@
+diff -Nur a/lib/Makefile b/lib/Makefile
+--- a/lib/Makefile 2019-06-29 01:07:55.000000000 +0200
++++ b/lib/Makefile 2023-03-12 09:21:25.558949353 +0100
+@@ -128,7 +128,7 @@
+ rm -f $@
+ $(SYMLINK) $< $@
+ libnetpbm.$(NETPBMLIBSUFFIX).$(MAJ).$(MIN): $(LIBOBJECTS) $(LIBOBJECTS_X)
+- $(LD) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \
++ $(LD) $(LDFLAGS) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \
+ $(SHLIB_CLIB) -lm $(LADD)
+ endif
+
--
2.30.2
reply other threads:[~2023-03-12 8:27 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230312082706.86717-1-stefan.schantl@ipfire.org \
--to=stefan.schantl@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox