This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via cd1320f79f73492864c08631169f3ac358dfb0cc (commit) via 5e3aea49e4b409a380d98eb92636e088c319bc73 (commit) via 4f27435ee86a2b0446b54d6d8ddd19305a22f220 (commit) via 6659cc1188028ad3fabb72603158e386260fb7ed (commit) via efb8e57d8dfc7456f65ebc56cd484879453f43f8 (commit) from e22cda58e51721fd2d0248f05528d68734f1d6d1 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit cd1320f79f73492864c08631169f3ac358dfb0cc Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 09:27:06 2023 +0100
netpbm: Fix hardening
* Add some additional CFLAGS to workaround a gcc bug with enabled SSP.
* Add patch to proper use our LDFLAGS when linking libnetpbm.
* Disable stripping the binaries during install.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5e3aea49e4b409a380d98eb92636e088c319bc73 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 11 17:43:37 2023 +0100
openjade: Use our LDFLAGS when linking the libraries
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4f27435ee86a2b0446b54d6d8ddd19305a22f220 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 11 14:46:58 2023 +0100
gawk: Proper build with PIE
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6659cc1188028ad3fabb72603158e386260fb7ed Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 11 14:29:45 2023 +0100
gettext: Fix hardening for some binaries.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit efb8e57d8dfc7456f65ebc56cd484879453f43f8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 11 13:53:17 2023 +0100
bison: Proper use LDFLAGS to link liby
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: bison/bison.nm | 4 ++-- gawk/gawk.nm | 8 +++++++- gettext/gettext.nm | 9 ++++++++- netpbm/netpbm.nm | 9 ++++++++- netpbm/patches/netpbm-libnetpbm-use-ldflags.patch | 12 ++++++++++++ openjade/openjade.nm | 7 ++++++- 6 files changed, 43 insertions(+), 6 deletions(-) create mode 100644 netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
Difference in files: diff --git a/bison/bison.nm b/bison/bison.nm index 96d0ed331..3a8665a0c 100644 --- a/bison/bison.nm +++ b/bison/bison.nm @@ -5,7 +5,7 @@
name = bison version = 3.8.2 -release = 1 +release = 2
groups = Development/Tools url = http://www.gnu.org/software/bison/ @@ -32,7 +32,7 @@ build
build_cmds cd lib - gcc -shared -Wl,-soname,liby.so.%{version} \ + gcc %{LDFLAGS} -shared -Wl,-soname,liby.so.%{version} \ -o liby.so.%{version} %{CFLAGS} main.o yyerror.o end
diff --git a/gawk/gawk.nm b/gawk/gawk.nm index 5060b1704..0e544ee70 100644 --- a/gawk/gawk.nm +++ b/gawk/gawk.nm @@ -5,7 +5,7 @@
name = gawk version = 5.2.1 -release = 1 +release = 2
groups = System/Tools url = https://www.gnu.org/software/gawk/gawk.html @@ -31,6 +31,12 @@ build configure_options += \ --with-libsigsegv-prefix=no
+ prepare_cmds + # The config scripts checks if the used compiler accepts -no-pie and if + # yes, will set this as compile and linker flags - Change this to pie. + sed -i 's/-no-pie/-pie/g' configure + end + test make check diffout end diff --git a/gettext/gettext.nm b/gettext/gettext.nm index 264eb2db0..1e2af67f7 100644 --- a/gettext/gettext.nm +++ b/gettext/gettext.nm @@ -5,7 +5,7 @@
name = gettext version = 0.21.1 -release = 2.1 +release = 3
groups = System/Base url = https://www.gnu.org/software/gettext/ @@ -44,6 +44,13 @@ build --enable-shared \ --disable-rpath
+ configure_cmds + # Add additional compiler flages to build gettext-tools binaries with + # proper hardening. + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + %{DIR_APP}/gettext-tools/src/Makefile + end + test make check || : end diff --git a/netpbm/netpbm.nm b/netpbm/netpbm.nm index 49488e5fa..cbafb517c 100644 --- a/netpbm/netpbm.nm +++ b/netpbm/netpbm.nm @@ -5,7 +5,7 @@
name = netpbm version = 10.73.42 -release = 1 +release = 2
groups = System/Libraries url = https://netpbm.sourceforge.net/ @@ -37,6 +37,10 @@ build perl(English) end
+ CFLAGS += \ + -fno-builtin-exit \ + -D__noreturn__= + prepare_cmds # Create config file. cp -avf config.mk.in config.mk @@ -58,6 +62,9 @@ build echo 'JPEGHDR_DIR = %{includedir}' >> config.mk echo 'PNGHDR_DIR = %{includedir}' >> config.mk echo 'ZHDR_DIR = %{includedir}' >> config.mk + + # Do not strip the binaries during install. + echo 'STRIPFLAG =' >> config.mk end
build diff --git a/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch b/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch new file mode 100644 index 000000000..21384cb26 --- /dev/null +++ b/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch @@ -0,0 +1,12 @@ +diff -Nur a/lib/Makefile b/lib/Makefile +--- a/lib/Makefile 2019-06-29 01:07:55.000000000 +0200 ++++ b/lib/Makefile 2023-03-12 09:21:25.558949353 +0100 +@@ -128,7 +128,7 @@ + rm -f $@ + $(SYMLINK) $< $@ + libnetpbm.$(NETPBMLIBSUFFIX).$(MAJ).$(MIN): $(LIBOBJECTS) $(LIBOBJECTS_X) +- $(LD) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \ ++ $(LD) $(LDFLAGS) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \ + $(SHLIB_CLIB) -lm $(LADD) + endif + diff --git a/openjade/openjade.nm b/openjade/openjade.nm index 717e4dd06..7437215ec 100644 --- a/openjade/openjade.nm +++ b/openjade/openjade.nm @@ -5,7 +5,7 @@
name = openjade version = 1.3.2 -release = 6 +release = 7
groups = Application/Text url = https://openjade.sourceforge.net/ @@ -39,6 +39,11 @@ build %{MACRO_FIX_AUTOTOOLS} end
+ configure_cmds + # Ensure to use our LDFLAGS when linking the libraries. + sed -i 's/LINKFLAGS =/LINKFLAGS = %{LDFLAGS}/g' Makefile.lib + end + install_cmds # Create symlink for jade ln -s openjade %{BUILDROOT}/usr/bin/jade
hooks/post-receive -- IPFire 3.x development tree