[people/ms/ipfire-3.x.git] / krb5 / patches / krb5-1.10-buildconf.patch

Build binaries in this package as RELRO PIEs, libraries as partial RELRO,
and install shared libraries with the execute bit set on them.  Prune out
the -L/usr/lib* and PIE flags where they might leak out and affect
apps which just want to link with the libraries. FIXME: needs to check and
not just assume that the compiler supports using these flags.

--- krb5/src/config/shlib.conf
+++ krb5/src/config/shlib.conf
@@ -419,7 +419,7 @@ mips-*-netbsd*)
 	SHLIBEXT=.so
 	# Linux ld doesn't default to stuffing the SONAME field...
 	# Use objdump -x to examine the fields of the library
-	LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT),--no-undefined'
+	LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT),--no-undefined -Wl,-z,relro'
 	# 
 	LDCOMBINE_TAIL='-Wl,--version-script binutils.versions && $(PERL) -w $(top_srcdir)/util/export-check.pl $(SHLIB_EXPORT_FILE) $@'
 	SHLIB_EXPORT_FILE_DEP=binutils.versions
@@ -430,7 +430,8 @@
 	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
 	PROFFLAGS=-pg
 	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
-	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'
+	INSTALL_SHLIB='${INSTALL} -m755'
 	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
 	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
 	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
--- krb5/src/krb5-config.in
+++ krb5/src/krb5-config.in
@@ -189,6 +189,13 @@ if test -n "$do_libs"; then
 	    -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
 	    -e 's#\$(CFLAGS)##'`
 
+    if test `dirname $libdir` = /usr ; then
+        lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"`
+    fi
+    lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"`
+    lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"`
+    lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"`
+
     if test $library = 'kdb'; then
 	lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
 	library=krb5
--- krb5/src/config/pre.in
+++ krb5/src/config/pre.in
@@ -188,7 +188,7 @@
 INSTALL_SCRIPT=@INSTALL_PROGRAM@
 INSTALL_DATA=@INSTALL_DATA@
 INSTALL_SHLIB=@INSTALL_SHLIB@
-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755
 ## This is needed because autoconf will sometimes define @exec_prefix@ to be
 ## ${prefix}.
 prefix=@prefix@
Commit	Line	Data
6cf77d05 SS	1	Build binaries in this package as RELRO PIEs, libraries as partial RELRO,
	2	and install shared libraries with the execute bit set on them. Prune out
	3	the -L/usr/lib* and PIE flags where they might leak out and affect
	4	apps which just want to link with the libraries. FIXME: needs to check and
	5	not just assume that the compiler supports using these flags.
	6
	7	--- krb5/src/config/shlib.conf
	8	+++ krb5/src/config/shlib.conf
	9	@@ -419,7 +419,7 @@ mips--netbsd)
	10	SHLIBEXT=.so
	11	# Linux ld doesn't default to stuffing the SONAME field...
	12	# Use objdump -x to examine the fields of the library
	13	- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT),--no-undefined'
	14	+ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT),--no-undefined -Wl,-z,relro'
	15	#
	16	LDCOMBINE_TAIL='-Wl,--version-script binutils.versions && $(PERL) -w $(top_srcdir)/util/export-check.pl $(SHLIB_EXPORT_FILE) $@'
	17	SHLIB_EXPORT_FILE_DEP=binutils.versions
	18	@@ -430,7 +430,8 @@
	19	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
	20	PROFFLAGS=-pg
	21	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
	22	- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
	23	+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'
	24	+ INSTALL_SHLIB='${INSTALL} -m755'
	25	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
	26	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
	27	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
	28	--- krb5/src/krb5-config.in
	29	+++ krb5/src/krb5-config.in
	30	@@ -189,6 +189,13 @@ if test -n "$do_libs"; then
	31	-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
	32	-e 's#\$(CFLAGS)##'`
	33
	34	+ if test `dirname $libdir` = /usr ; then
	35	+ lib_flags=`echo $lib_flags \| sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"`
	36	+ fi
	37	+ lib_flags=`echo $lib_flags \| sed -e "s#-fPIE##g" -e "s#-pie##g"`
	38	+ lib_flags=`echo $lib_flags \| sed -e "s#-Wl,-z,relro##g"`
	39	+ lib_flags=`echo $lib_flags \| sed -e "s#-Wl,-z,now##g"`
	40	+
	41	if test $library = 'kdb'; then
	42	lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
	43	library=krb5
	44	--- krb5/src/config/pre.in
	45	+++ krb5/src/config/pre.in
	46	@@ -188,7 +188,7 @@
	47	INSTALL_SCRIPT=@INSTALL_PROGRAM@
	48	INSTALL_DATA=@INSTALL_DATA@
	49	INSTALL_SHLIB=@INSTALL_SHLIB@
	50	-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
	51	+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755
	52	## This is needed because autoconf will sometimes define @exec_prefix@ to be
	53	## ${prefix}.
	54	prefix=@prefix@