* [git.ipfire.org] IPFire 3.x development tree branch, master, updated. cd1320f79f73492864c08631169f3ac358dfb0cc
@ 2023-03-13 10:23 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2023-03-13 10:23 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 7387 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".
The branch, master has been updated
via cd1320f79f73492864c08631169f3ac358dfb0cc (commit)
via 5e3aea49e4b409a380d98eb92636e088c319bc73 (commit)
via 4f27435ee86a2b0446b54d6d8ddd19305a22f220 (commit)
via 6659cc1188028ad3fabb72603158e386260fb7ed (commit)
via efb8e57d8dfc7456f65ebc56cd484879453f43f8 (commit)
from e22cda58e51721fd2d0248f05528d68734f1d6d1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cd1320f79f73492864c08631169f3ac358dfb0cc
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 12 09:27:06 2023 +0100
netpbm: Fix hardening
* Add some additional CFLAGS to workaround a gcc bug
with enabled SSP.
* Add patch to proper use our LDFLAGS when linking libnetpbm.
* Disable stripping the binaries during install.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5e3aea49e4b409a380d98eb92636e088c319bc73
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 11 17:43:37 2023 +0100
openjade: Use our LDFLAGS when linking the libraries
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4f27435ee86a2b0446b54d6d8ddd19305a22f220
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 11 14:46:58 2023 +0100
gawk: Proper build with PIE
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6659cc1188028ad3fabb72603158e386260fb7ed
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 11 14:29:45 2023 +0100
gettext: Fix hardening for some binaries.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit efb8e57d8dfc7456f65ebc56cd484879453f43f8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 11 13:53:17 2023 +0100
bison: Proper use LDFLAGS to link liby
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
bison/bison.nm | 4 ++--
gawk/gawk.nm | 8 +++++++-
gettext/gettext.nm | 9 ++++++++-
netpbm/netpbm.nm | 9 ++++++++-
netpbm/patches/netpbm-libnetpbm-use-ldflags.patch | 12 ++++++++++++
openjade/openjade.nm | 7 ++++++-
6 files changed, 43 insertions(+), 6 deletions(-)
create mode 100644 netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
Difference in files:
diff --git a/bison/bison.nm b/bison/bison.nm
index 96d0ed331..3a8665a0c 100644
--- a/bison/bison.nm
+++ b/bison/bison.nm
@@ -5,7 +5,7 @@
name = bison
version = 3.8.2
-release = 1
+release = 2
groups = Development/Tools
url = http://www.gnu.org/software/bison/
@@ -32,7 +32,7 @@ build
build_cmds
cd lib
- gcc -shared -Wl,-soname,liby.so.%{version} \
+ gcc %{LDFLAGS} -shared -Wl,-soname,liby.so.%{version} \
-o liby.so.%{version} %{CFLAGS} main.o yyerror.o
end
diff --git a/gawk/gawk.nm b/gawk/gawk.nm
index 5060b1704..0e544ee70 100644
--- a/gawk/gawk.nm
+++ b/gawk/gawk.nm
@@ -5,7 +5,7 @@
name = gawk
version = 5.2.1
-release = 1
+release = 2
groups = System/Tools
url = https://www.gnu.org/software/gawk/gawk.html
@@ -31,6 +31,12 @@ build
configure_options += \
--with-libsigsegv-prefix=no
+ prepare_cmds
+ # The config scripts checks if the used compiler accepts -no-pie and if
+ # yes, will set this as compile and linker flags - Change this to pie.
+ sed -i 's/-no-pie/-pie/g' configure
+ end
+
test
make check diffout
end
diff --git a/gettext/gettext.nm b/gettext/gettext.nm
index 264eb2db0..1e2af67f7 100644
--- a/gettext/gettext.nm
+++ b/gettext/gettext.nm
@@ -5,7 +5,7 @@
name = gettext
version = 0.21.1
-release = 2.1
+release = 3
groups = System/Base
url = https://www.gnu.org/software/gettext/
@@ -44,6 +44,13 @@ build
--enable-shared \
--disable-rpath
+ configure_cmds
+ # Add additional compiler flages to build gettext-tools binaries with
+ # proper hardening.
+ sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+ %{DIR_APP}/gettext-tools/src/Makefile
+ end
+
test
make check || :
end
diff --git a/netpbm/netpbm.nm b/netpbm/netpbm.nm
index 49488e5fa..cbafb517c 100644
--- a/netpbm/netpbm.nm
+++ b/netpbm/netpbm.nm
@@ -5,7 +5,7 @@
name = netpbm
version = 10.73.42
-release = 1
+release = 2
groups = System/Libraries
url = https://netpbm.sourceforge.net/
@@ -37,6 +37,10 @@ build
perl(English)
end
+ CFLAGS += \
+ -fno-builtin-exit \
+ -D__noreturn__=
+
prepare_cmds
# Create config file.
cp -avf config.mk.in config.mk
@@ -58,6 +62,9 @@ build
echo 'JPEGHDR_DIR = %{includedir}' >> config.mk
echo 'PNGHDR_DIR = %{includedir}' >> config.mk
echo 'ZHDR_DIR = %{includedir}' >> config.mk
+
+ # Do not strip the binaries during install.
+ echo 'STRIPFLAG =' >> config.mk
end
build
diff --git a/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch b/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
new file mode 100644
index 000000000..21384cb26
--- /dev/null
+++ b/netpbm/patches/netpbm-libnetpbm-use-ldflags.patch
@@ -0,0 +1,12 @@
+diff -Nur a/lib/Makefile b/lib/Makefile
+--- a/lib/Makefile 2019-06-29 01:07:55.000000000 +0200
++++ b/lib/Makefile 2023-03-12 09:21:25.558949353 +0100
+@@ -128,7 +128,7 @@
+ rm -f $@
+ $(SYMLINK) $< $@
+ libnetpbm.$(NETPBMLIBSUFFIX).$(MAJ).$(MIN): $(LIBOBJECTS) $(LIBOBJECTS_X)
+- $(LD) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \
++ $(LD) $(LDFLAGS) $(LDSHLIB) -o $@ $(LIBOBJECTS) $(LIBOBJECTS_X) \
+ $(SHLIB_CLIB) -lm $(LADD)
+ endif
+
diff --git a/openjade/openjade.nm b/openjade/openjade.nm
index 717e4dd06..7437215ec 100644
--- a/openjade/openjade.nm
+++ b/openjade/openjade.nm
@@ -5,7 +5,7 @@
name = openjade
version = 1.3.2
-release = 6
+release = 7
groups = Application/Text
url = https://openjade.sourceforge.net/
@@ -39,6 +39,11 @@ build
%{MACRO_FIX_AUTOTOOLS}
end
+ configure_cmds
+ # Ensure to use our LDFLAGS when linking the libraries.
+ sed -i 's/LINKFLAGS =/LINKFLAGS = %{LDFLAGS}/g' Makefile.lib
+ end
+
install_cmds
# Create symlink for jade
ln -s openjade %{BUILDROOT}/usr/bin/jade
hooks/post-receive
--
IPFire 3.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-03-13 10:23 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-13 10:23 [git.ipfire.org] IPFire 3.x development tree branch, master, updated. cd1320f79f73492864c08631169f3ac358dfb0cc Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox