libcap: Fix hardening

* Add CFLAGS to workaround a compiler bug with
  affects SSP in some cases.

* Add patch to proper use our CFLAGS

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/libcap/libcap.nm b/libcap/libcap.nm
index 024a458f0c6a21d47930a8096fee6c8aa04b7352..1b3f27d0e84c0391659e9c35176155d4877d50f7 100644 (file)
--- a/libcap/libcap.nm
+++ b/libcap/libcap.nm
@@ -5,7 +5,7 @@
 
 name       = libcap
 version    = 2.66
-release    = 1
+release    = 2
 
 groups     = System/Libraries
 url        = http://ftp.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
@@ -28,6 +28,10 @@ build
                /bin/ping
        end
 
+       CFLAGS += \
+               -fno-builtin-exit \
+               -D__noreturn__=
+
        build
                make DYNAMIC=yes LIBATTR=yes \
                        CFLAGS="%{CFLAGS}" LDFLAGS="%{LDFLAGS}"

diff --git a/libcap/patches/libcap-cflags.patch b/libcap/patches/libcap-cflags.patch
new file mode 100644 (file)
index 0000000..d77eefb
--- /dev/null
+++ b/libcap/patches/libcap-cflags.patch
@@ -0,0 +1,12 @@
+diff -Nur a/Make.Rules b/Make.Rules
+--- a/Make.Rules       2022-09-24 20:41:21.000000000 +0000
++++ b/Make.Rules       2023-03-10 16:22:35.826124239 +0000
+@@ -80,7 +80,7 @@
+ WARNINGS=-Wall -Wwrite-strings -Wpointer-arith -Wcast-qual -Wcast-align \
+       -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs       \
+       -Winline -Wshadow -Wunreachable-code
+-COPTS ?= -O2
++COPTS ?= $(CFLAGS)
+ CFLAGS ?= $(COPTS) $(DEBUG)
+ CFLAGS += $(WARNINGS)
+ CPPFLAGS += -Dlinux $(DEFINES) $(LIBCAP_INCLUDES)