2202e378de
- filter out potentially multiple instances of -Wl,-z,relro from krb5-config output, now that it's in the buildroot's default LDFLAGS
Build binaries in this package as RELRO PIEs, libraries as partial RELRO,
|
|
and install shared libraries with the execute bit set on them. Prune out
|
|
the -L/usr/lib*, PIE flags, and CFLAGS where they might leak out and affect
|
|
apps which just want to link with the libraries. FIXME: needs to check and
|
|
not just assume that the compiler supports using these flags.
|
|
|
|
diff -up krb5-1.9/src/config/shlib.conf krb5-1.9/src/config/shlib.conf
|
|
--- krb5-1.9/src/config/shlib.conf 2008-12-08 17:33:07.000000000 -0500
|
|
+++ krb5-1.9/src/config/shlib.conf 2009-06-04 14:01:28.000000000 -0400
|
|
@@ -419,7 +419,7 @@ mips-*-netbsd*)
|
|
SHLIBEXT=.so
|
|
# Linux ld doesn't default to stuffing the SONAME field...
|
|
# Use objdump -x to examine the fields of the library
|
|
- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT),--no-undefined'
|
|
+ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT),--no-undefined -Wl,-z,relro'
|
|
#
|
|
LDCOMBINE_TAIL='-Wl,--version-script binutils.versions && $(PERL) -w $(top_srcdir)/util/export-check.pl $(SHLIB_EXPORT_FILE) $@'
|
|
SHLIB_EXPORT_FILE_DEP=binutils.versions
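Review bot: The changed `LDCOMBINE` line gives shared libraries `-Wl,-z,relro` without `-Wl,-z,now`, but nothing at this site records that the difference from the program link line is deliberate. The patch description says libraries are meant to be partial RELRO, so a later reader comparing this with `CC_LINK_SHARED` could take the missing flag for an oversight. A comment above the assignment would settle it, for example `# Partial RELRO only (no -z now) for libraries; programs get full RELRO via CC_LINK_SHARED.`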
|
|
@@ -430,7 +430,8 @@
|
|
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
|
|
PROFFLAGS=-pg
|
|
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
|
|
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
|
|
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'
|
|
+ INSTALL_SHLIB='${INSTALL} -m755'
|
|
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
|
|
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
|
|
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
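Review bot: `CXX_LINK_SHARED`, two lines below the changed `CC_LINK_SHARED`, is left without `-pie -Wl,-z,relro -Wl,-z,now`, so any program linked through the C++ driver would miss the hardening the C link line now gets. If that is not intended, mirror the change: `CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'`. Linking with `-pie` also relies on the objects having been compiled with `-fPIE`, which this hunk does not add; presumably the build supplies it through CFLAGS, but that is worth confirming since a mismatch only shows up as link errors or text relocations on some architectures.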
|
|
diff -up krb5-1.9/src/krb5-config.in krb5-1.9/src/krb5-config.in
|
|
--- krb5-1.9/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400
|
|
+++ krb5-1.9/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400
|
|
@@ -187,8 +187,15 @@ if test -n "$do_libs"; then
|
|
-e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
|
|
-e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
|
|
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
|
|
- -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
|
|
+ -e 's#\$(CFLAGS)##'`
|
|
|
|
+ if test `dirname $libdir` = /usr ; then
|
|
+ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"`
|
|
+ fi
|
|
+ lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"`
|
|
+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"`
|
|
+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"`
|
|
+
|
|
if test $library = 'kdb'; then
|
|
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
|
|
library=krb5
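Review bot: The added `s#-L$libdir##` and `s#$RPATH_FLAG$libdir##` substitutions are unanchored and lack the `g` flag, unlike the PIE and RELRO filters below them. They drop only the first occurrence, and they also cut the prefix out of a longer path: with libdir `/usr/lib`, `-L/usr/lib/foo` becomes a stray `/foo`. `$libdir` is also pasted into the pattern as a regular expression, so a `.` or `#` in it changes what is matched. Matching whole words would avoid the prefix problem, and the `test` should quote its operand so an empty or space-containing libdir does not produce a syntax error: ``if test "`dirname "$libdir"`" = /usr ; then``. The enclosing `if test -n "$do_libs"` block starts and ends outside this hunk.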
|
|
diff -up krb5-1.9/src/config/pre.in krb5-1.9/src/config/pre.in
|
|
--- krb5-1.9/src/config/pre.in 2011-04-01 15:45:06.640705226 -0400
|
|
+++ krb5-1.9/src/config/pre.in 2011-04-01 15:45:11.179705234 -0400
|
|
@@ -188,7 +188,7 @@
|
|
INSTALL_SCRIPT=@INSTALL_PROGRAM@
|
|
INSTALL_DATA=@INSTALL_DATA@
|
|
INSTALL_SHLIB=@INSTALL_SHLIB@
|
|
-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
|
|
+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755
|
|
## This is needed because autoconf will sometimes define @exec_prefix@ to be
|
|
## ${prefix}.
|
|
prefix=@prefix@
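Review bot: With `-o root` dropped, `INSTALL_SETUID` installs mode 4755 files owned by whoever runs `make install`, so the set-uid bit only has its intended effect if something later assigns root ownership. Presumably the package's file list does that, but nothing visible here says so, and a non-root install outside the package build would leave a binary set-uid to the build user. A comment above the line would record the dependency, for example `## Owner is assigned at packaging time, not by install; the installed file must end up root-owned.`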
|