From patchwork Sat Mar 11 13:29:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 6688 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4PYkLB3vtLz3ww4 for ; Sat, 11 Mar 2023 13:29:54 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4PYkL9236TzRT; Sat, 11 Mar 2023 13:29:53 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4PYkL91SB3z2ytl; Sat, 11 Mar 2023 13:29:53 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4PYkL715Pfz2xLq for ; Sat, 11 Mar 2023 13:29:51 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4PYkL65CzGzQS; Sat, 11 Mar 2023 13:29:50 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1678541390; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=G0w3EQiGrkRdgj4SC7t3UuG7i5Pu/Bd01tsl0qZhOas=; b=eBvBzFRYCsQ1Zti2YJPaLSqRcSVGWbWFiOCPiB0Ay5+CCmSgjO74iH+xgM4itFbmKQ5Xis N9RtNHz9J4IuW1Dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1678541390; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=G0w3EQiGrkRdgj4SC7t3UuG7i5Pu/Bd01tsl0qZhOas=; b=gxZdjz07Yr2o1I7B86aglpy1wnkgnwVkwcLoVTu2ULW0XVrdFwpO8hP7GekTYhjUBPH8i4 UeE9VCUVavkcKC/dxzSYmzTsqM1Bbb0We5sjVShM4mQVhI1Id0vDZeqlYMoCfg0vLl7kVW B48O+dNEcomJ4kUWHxz3UgHn2KNytpiZJtQcTJ3zL6TXREZibaxNREM00EgIEwQSd7nw6B c3UHkc3nH8bc5/99cUzU62yx0KQ6DGJEAfEFisHlj2Mg9a75bLuVOoD54VMSwXZ+O2d8EL pfwsmMdQk8cscwu5FKEXv4ZNJ5tmceufHHeaoEduJLeMb9qwjgLxPs0V6kScyA== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] gettext: Fix hardening for some binaries. Date: Sat, 11 Mar 2023 14:29:45 +0100 Message-Id: <20230311132945.384480-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Stefan Schantl --- gettext/gettext.nm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/gettext/gettext.nm b/gettext/gettext.nm index 264eb2db0..1e2af67f7 100644 --- a/gettext/gettext.nm +++ b/gettext/gettext.nm @@ -5,7 +5,7 @@ name = gettext version = 0.21.1 -release = 2.1 +release = 3 groups = System/Base url = https://www.gnu.org/software/gettext/ @@ -44,6 +44,13 @@ build --enable-shared \ --disable-rpath + configure_cmds + # Add additional compiler flages to build gettext-tools binaries with + # proper hardening. + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + %{DIR_APP}/gettext-tools/src/Makefile + end + test make check || : end