krb5: Proper harden some binaries

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/krb5/krb5.nm b/krb5/krb5.nm
index 8d792748de13dd49bd936b6c6bf2b81ed37eccb5..9113a4a55f7b296a8e4afce5ae7ddd1524ea4c93 100644 (file)
--- a/krb5/krb5.nm
+++ b/krb5/krb5.nm
@@ -7,7 +7,7 @@ name       = krb5
 version    = %{ver_maj}.%{ver_min}
 ver_maj    = 1.20
 ver_min    = 1
-release    = 2.1
+release    = 3
 
 groups     = System/Libraries
 url        = https://web.mit.edu/kerberos/www/
@@ -58,6 +58,14 @@ build
                --with-crypto-impl=openssl \
                --with-pam
 
+       configure_cmds
+               # Add additional compiler flags to proper harden the binaries.
+               sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       clients/kpasswd/Makefile
+               sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       appl/simple/server/Makefile
+               sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       appl/sample/sserver/Makefile
        end
 
        install_cmds