From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] netpbm: Fix hardening
Date: Sun, 12 Mar 2023 09:27:06 +0100
Message-ID: <20230312082706.86717-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1674113598167625114=="
List-Id: <development.lists.ipfire.org>

--===============1674113598167625114==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

* Add some additional CFLAGS to workaround a gcc bug
  with enabled SSP.

* Add patch to proper use our LDFLAGS when linking libnetpbm.

* Disable stripping the binaries during install.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 netpbm/netpbm.nm                                  |  9 ++++++++-
 netpbm/patches/netpbm-libnetpbm-use-ldflags.patch | 12 ++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 netpbm/patches/netpbm-libnetpbm-use-ldflags.patch

diff --git a/netpbm/netpbm.nm b/netpbm/netpbm.nm
index 49488e5fa..cbafb517c 100644
--- a/netpbm/netpbm.nm
+++ b/netpbm/netpbm.nm
@@ -5,7 +5,7 @@
=20
 name       =3D netpbm
 version    =3D 10.73.42
-release    =3D 1
+release    =3D 2
=20
 groups     =3D System/Libraries
 url        =3D https://netpbm.sourceforge.net/
@@ -37,6 +37,10 @@ build
 		perl(English)
 	end
=20
+	CFLAGS +=3D \
+		-fno-builtin-exit \
+		-D__noreturn__=3D
+
 	prepare_cmds
 		# Create config file.
 		cp -avf config.mk.in  config.mk
@@ -58,6 +62,9 @@ build
 		echo 'JPEGHDR_DIR =3D %{includedir}' >> config.mk
 		echo 'PNGHDR_DIR =3D %{includedir}' >> config.mk
 		echo 'ZHDR_DIR =3D %{includedir}' >> config.mk
+
+		# Do not strip the binaries during install.
+		echo 'STRIPFLAG =3D' >> config.mk
 	end
=20
 	build
diff --git a/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch b/netpbm/patch=
es/netpbm-libnetpbm-use-ldflags.patch
new file mode 100644
index 000000000..21384cb26
--- /dev/null
+++ b/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
@@ -0,0 +1,12 @@
+diff -Nur a/lib/Makefile b/lib/Makefile
+--- a/lib/Makefile	2019-06-29 01:07:55.000000000 +0200
++++ b/lib/Makefile	2023-03-12 09:21:25.558949353 +0100
+@@ -128,7 +128,7 @@
+ 	rm -f $@
+ 	$(SYMLINK) $< $@
+ libnetpbm.$(NETPBMLIBSUFFIX).$(MAJ).$(MIN): $(LIBOBJECTS) $(LIBOBJECTS_X)
+-	$(LD) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \
++	$(LD) $(LDFLAGS) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \
+           $(SHLIB_CLIB) -lm $(LADD)
+ endif
+=20
--=20
2.30.2


--===============1674113598167625114==--