From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] graphviz: Proper harden some binaries Date: Mon, 13 Mar 2023 16:41:23 +0100 Message-ID: <20230313154123.42489-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0404527410972898918==" List-Id: --===============0404527410972898918== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Use some additional compiler flags, to proper harden them. Signed-off-by: Stefan Schantl --- graphviz/graphviz.nm | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/graphviz/graphviz.nm b/graphviz/graphviz.nm index 625c554b2..c5147c5f5 100644 --- a/graphviz/graphviz.nm +++ b/graphviz/graphviz.nm @@ -5,7 +5,7 @@ name = graphviz version = 7.0.4 -release = 1 +release = 2 groups = Development/Tools url = https://gitlab.com/graphviz/graphviz @@ -42,6 +42,32 @@ build ./autogen.sh end + configure_options += \ + --enable-debug + + configure_cmds + # Add some additional C compiler flags to proper harden liblab_gamut. + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + lib/edgepaint/Makefile + + # Add some additional C and C++ compiler flags to proper harden + # the "dot" binaries. + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + cmd/dot/Makefile + sed -i '/^CXXFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + cmd/dot/Makefile + + # Add some additional C compiler flags to proper harden the + # "gvpr" binaries. + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + cmd/gvpr/Makefile + + # Add some additional C compiler flags to proper harden the + # tools. + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + cmd/tools/Makefile + end + test make check end -- 2.30.2 --===============0404527410972898918==--