!21 修复hikptool包的安全编译pie不生效问题
From: @veega2022 Reviewed-by: @kongzizaixian Signed-off-by: @kongzizaixian
This commit is contained in:
openeuler-ci-bot
Gitee
commit
f255b99f61
51
0003-fix-the-security-compilation-PIE-issue.patch
Normal file
51
0003-fix-the-security-compilation-PIE-issue.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From bac5c53adcb43f4bbba6f436c98d6451d55c80ad Mon Sep 17 00:00:00 2001
|
||||
From: veega2022 <zhuweijia@huawei.com>
|
||||
Date: Wed, 15 Mar 2023 08:28:37 +0000
|
||||
Subject: [PATCH] fix the security compilation PIE issue
|
||||
|
||||
add link options "-fPIE -pie", because the -T link is used, the pie becomes
|
||||
invalid.Therefore,change the ld file PROVIDE address to 0.
|
||||
|
||||
Signed-off-by: veega2022 <zhuweijia@huawei.com>
|
||||
---
|
||||
CMakeLists.txt | 4 ++--
|
||||
hikp_register.ld | 2 +-
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 0ba7370..6a396e7 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
project(hikptool C)
|
||||
|
||||
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -pie -fPIE -Wall")
|
||||
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -fPIC -fPIE -Wall")
|
||||
set(CMAKE_SKIP_RPATH TRUE)
|
||||
|
||||
macro(get_header_dir_recurse HEADER_DIR_LIST)
|
||||
@@ -44,6 +44,6 @@ target_include_directories(hikptool PRIVATE ${HIKPTOOL_HEADER_DIR})
|
||||
target_link_directories(hikptool PRIVATE ${CMAKE_INSTALL_PREFIX}/lib)
|
||||
target_link_libraries(hikptool PRIVATE KPTDEV_SO)
|
||||
target_link_options(hikptool PRIVATE
|
||||
- -Wl,-z,relro,-z,now -Wl,-z,noexecstack
|
||||
+ -Wl,-z,relro,-z,now -Wl,-z,noexecstack -fPIE -pie
|
||||
-g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld)
|
||||
install(TARGETS hikptool RUNTIME DESTINATION bin OPTIONAL)
|
||||
diff --git a/hikp_register.ld b/hikp_register.ld
|
||||
index b1bec44..3bd44ff 100644
|
||||
--- a/hikp_register.ld
|
||||
+++ b/hikp_register.ld
|
||||
@@ -11,7 +11,7 @@ SEARCH_DIR("=/usr/aarch64-Huawei-linux/lib64"); SEARCH_DIR("=/usr/lib64"); SEARC
|
||||
SECTIONS
|
||||
{
|
||||
/* Read-only sections, merged into text segment: */
|
||||
- PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x400000)); . = SEGMENT_START("text-segment", 0x400000) + SIZEOF_HEADERS;
|
||||
+ PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x0)); . = SEGMENT_START("text-segment", 0x0) + SIZEOF_HEADERS;
|
||||
.interp : { *(.interp) }
|
||||
.note.gnu.build-id : { *(.note.gnu.build-id) }
|
||||
.hash : { *(.hash) }
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Name: hikptool
|
||||
Summary: A userspace tool for Linux providing problem location on Kunpeng chips
|
||||
Version: 1.0.0
|
||||
Release: 7
|
||||
Release: 8
|
||||
License: MulanPSL2
|
||||
Source: %{name}-%{version}.tar.gz
|
||||
ExclusiveOS: linux
|
||||
@ -16,6 +16,7 @@ ExclusiveArch: aarch64
|
||||
|
||||
Patch0001: 0001-socip-Return-EINVAL-when-the-parameter-check-fails.patch
|
||||
Patch0002: 0002-fix-compiler-security-option-problem.patch
|
||||
Patch0003: 0003-fix-the-security-compilation-PIE-issue.patch
|
||||
|
||||
%description
|
||||
This package contains the hikptool
|
||||
@ -68,6 +69,9 @@ fi
|
||||
/sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Wed Mar 15 2023 veega2022 <zhuweijia@huawei.com> 1.0.0-8
|
||||
- fix security compilation PIE issue
|
||||
|
||||
* Tue Dec 13 2022 veega2022 <zhuweijia@huawei.com> 1.0.0-7
|
||||
- fix compiler security option problem
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user