libwd/0003-uadk-add-secure-compilation-option.patch
Zhangfei Gao 783b00bebc libwd: update to 2.6.0
use openssl 1.1

Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
2024-02-01 07:45:21 +00:00

71 lines
2.0 KiB

From 4cd0b3e82205767ac151835e69736c61aca4eda8 Mon Sep 17 00:00:00 2001
From: Qi Tao <taoqi10@huawei.com>
Date: Thu, 18 Jan 2024 21:07:26 +0800
Subject: [PATCH 3/8] uadk: add secure compilation option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add PIE, PIC, BIND_NOW, SP, NO Rpath/RunPath, FS,
Ftrapv and Strip compilation options.
PIC(-fPIC):
Generate position-Independent-Code and randomly
load dynamic libraries.
PIE(-fPIE -pie):
Generate location-independent executables, which
reduces the probability of fixed address attacks
and buffer overflow attacks.
BIND_NOW(-Wl,-z,relro,-z,now):
GOT table redirects all read-only, which defends
against ret2plt attacks.
SP(-fstack-protector-strong/all):
Determine whether an overflow attack occurs.
Strip(-Wl,-s):
Deleting symbol tables defends against hacker
attacks and reduces the file size.
FS(-D_FORTIFY_SOURCE=2 -O2):
Provides access checks for fixed-size buffers
at compile time and at run time.
Ftrapv(-ftrapv):
Detects integer overflow.
NO Rpath/RunPath(hardcode_into_libs=no):
Eliminates dynamic library search paths,
which defends against attacks by replacing
dynamic libraries with the same name.
Signed-off-by: Qi Tao <taoqi10@huawei.com>
---
Makefile.am | 2 ++
configure.ac | 1 +
2 files changed, 3 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 51691cb..64cfa44 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,8 @@
ACLOCAL_AMFLAGS = -I m4 -I./include
AUTOMAKE_OPTIONS = foreign subdir-objects
AM_CFLAGS=-Wall -Werror -fno-strict-aliasing -I$(top_srcdir)/include
+AM_CFLAGS+=-fPIC -fPIE -pie -fstack-protector-strong -D_FORTIFY_SOURCE=2 \
+ -O2 -ftrapv -Wl,-z,relro,-z,now -Wl,-s
CLEANFILES =
if WITH_LOG_FILE
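Review bot: The added `AM_CFLAGS+=` line puts preprocessor, compiler and linker options into one variable and applies `-fPIE -pie` to every object in the tree alongside `-fPIC`. `-pie`, `-Wl,-z,relro,-z,now` and `-Wl,-s` are link options and would be clearer in `AM_LDFLAGS`, with `-pie` limited to the `*_LDFLAGS` of programs since it does not apply to shared libraries, and `-D_FORTIFY_SOURCE=2` belongs in `AM_CPPFLAGS`. Because the preceding line sets `-Werror`, a build that lowers the optimisation level through `CFLAGS` (for example `-O0`) can fail on the warning glibc emits when `_FORTIFY_SOURCE` is used without optimisation; please document that or guard the define. The unconditional `-Wl,-s` also strips every build, including ones meant for debugging; leaving stripping to `make install-strip` keeps that choice with the packager.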
diff --git a/configure.ac b/configure.ac
index 2692175..b198417 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,6 +18,7 @@ AM_PROG_AR
AC_PROG_LIBTOOL
AM_PROG_LIBTOOL
LT_INIT
+AC_SUBST([hardcode_into_libs], [no])
AM_PROG_CC_C_O
AC_ARG_ENABLE([debug-log],
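Review bot: `AC_SUBST([hardcode_into_libs], [no])` carries no comment, and `hardcode_into_libs` is a variable libtool computes for itself, so the line only works by overriding libtool's internal state after the `LT_INIT` on the line above has run. Please add a comment stating the intent (no RPATH/RUNPATH in the built libraries) and why it has to follow `LT_INIT`, and confirm the effect on a built library with `readelf -d` (no `RPATH` or `RUNPATH` entry), since a libtool update could rename or ignore this variable.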
--
2.25.1
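
The BIND_NOW, PIE and NO Rpath/RunPath properties named in the commit message can be checked on a built library or binary. The following is an added example, not part of the patch or of the UADK project: a Python reader for the program headers and dynamic section of a little-endian ELF64 file. `audit_elf`, `build_sample` and the two sample images are names and data constructed for illustration.

```python
import struct, sys
PT_DYNAMIC, PT_GNU_RELRO, ET_DYN = 2, 0x6474E552, 3
DT_NULL, DT_RPATH, DT_RUNPATH, DT_FLAGS, DT_FLAGS_1 = 0, 15, 29, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def audit_elf(data):
    """Report the link-time hardening properties of a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 file")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    relro, dyn = False, {}
    for i in range(e_phnum):
        p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:  # walk the (tag, value) pairs up to DT_NULL
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                dyn[tag] = val
    now = bool(dyn.get(DT_FLAGS, 0) & DF_BIND_NOW or dyn.get(DT_FLAGS_1, 0) & DF_1_NOW)
    return {"et_dyn": e_type == ET_DYN,            # PIE or shared object
            "relro": relro,                        # -Wl,-z,relro
            "bind_now": now,                       # -Wl,-z,now
            "full_relro": relro and now,
            "rpath": DT_RPATH in dyn or DT_RUNPATH in dyn}

def build_sample(e_type, dyn_entries, relro):
    """Constructed ELF64 image: ELF header, program headers and a dynamic section only."""
    types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    dyn_off = 64 + 56 * len(types)
    out = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 183, 1, 0, 64, 0, 0, 64, 56, len(types), 0, 0, 0)
    for t in types:
        off, size = (dyn_off, len(dyn)) if t == PT_DYNAMIC else (0, 0)
        out += struct.pack("<IIQQQQQQ", t, 4, off, off, off, size, size, 8)
    return out + dyn

HARDENED = build_sample(ET_DYN, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)], True)
WEAK = build_sample(2, [(DT_RUNPATH, 1)], False)  # ET_EXEC, lazy binding, RUNPATH set

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, audit_elf(open(path, "rb").read()))
```

`et_dyn` alone does not distinguish a PIE from a shared library, and stack protector or `_FORTIFY_SOURCE` use is not visible in these headers.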