Hi. Please remove: procps-3.2.5-hardened_cflags-1.patch and please add this attachment.
robert
Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) Date: 2005-11-02 Initial Package Version: 3.2.6 Upstream Status: Not submitted Origin: None Description: Check for gcc -fpie, -fpic, -fstack-protector, and ld -pie, -z relro, -z now. Use whatever works. See: http://www.linuxfromscratch.org/hlfs/ diff -Naur procps-3.2.6.orig/Makefile procps-3.2.6/Makefile --- procps-3.2.6.orig/Makefile 2005-10-30 06:27:04.000000000 +0000 +++ procps-3.2.6/Makefile 2005-11-02 22:10:58.000000000 +0000 @@ -104,10 +104,12 @@ # an option that starts with "-g". (-g, -g2, -g3, -ggdb, etc.) CFLAGS := -O2 -s ALL_CFLAGS := $(PKG_CFLAGS) $(CFLAGS) +EXE_CFLAGS := PKG_LDFLAGS := -Wl,-warn-common LDFLAGS := ALL_LDFLAGS := $(PKG_LDFLAGS) $(LDFLAGS) +EXE_LDFLAGS := ############ Add some extra flags if gcc allows @@ -148,6 +150,13 @@ # in case -O3 is enabled, avoid bloat ALL_CFLAGS += $(call check_gcc,-fno-inline-functions,) +# Extra stuff. +ALL_CFLAGS += $(call check_gcc,-fstack-protector-all,) +EXE_CFLAGS += $(call check_gcc,-pie -fpie,) +EXE_LDFLAGS += $(call check_gcc,-pie,) +ALL_LDFLAGS += $(call check_gcc,-z relro,) +ALL_LDFLAGS += $(call check_gcc,-z now,) + endif endif endif @@ -236,21 +245,24 @@ top.o : top.h %.o : %.c - $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -c -o $@ $< + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) $(EXE_CFLAGS) -c -o $@ $< w.o: w.c - $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) $(W_SHOWFROM) -c $< + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) $(EXE_CFLAGS) $(W_SHOWFROM) -c $< ############ prog.o --> prog pmap w uptime tload free sysctl vmstat utmp pgrep skill pwdx: % : %.o $(LIBPROC) - $(CC) $(ALL_CFLAGS) $^ $(ALL_LDFLAGS) -o $@ + $(CC) $(ALL_CFLAGS) $(EXE_CFLAGS) $^ $(ALL_LDFLAGS) \ + $(EXE_LDFLAGS) -o $@ slabtop top: % : %.o $(LIBPROC) - $(CC) $(ALL_CFLAGS) $^ $(ALL_LDFLAGS) -o $@ $(CURSES) + $(CC) $(ALL_CFLAGS) $(EXE_CFLAGS) $^ $(ALL_LDFLAGS) \ + $(EXE_LDFLAGS) -o $@ $(CURSES) watch: % : %.o - $(CC) $(ALL_CFLAGS) $^ $(ALL_LDFLAGS) -o $@ $(CURSES) + $(CC) $(ALL_CFLAGS) $(EXE_CFLAGS) $^ $(ALL_LDFLAGS) \ + $(EXE_LDFLAGS) -o $@ $(CURSES) ############ progX --> progY diff -Naur procps-3.2.6.orig/Makefile.orig procps-3.2.6/Makefile.orig --- procps-3.2.6.orig/Makefile.orig 1970-01-01 00:00:00.000000000 +0000 +++ procps-3.2.6/Makefile.orig 2005-10-30 06:27:04.000000000 +0000 @@ -0,0 +1,261 @@ +# procps Makefile +# Albert Cahalan, 2002-2004 +# +# Recursive make is considered harmful: +# http://google.com/search?q=%22recursive+make+considered+harmful%22 +# +# For now this Makefile uses explicit dependencies. The project +# hasn't grown big enough to need something complicated, and the +# dependency tracking files are an ugly annoyance. +# +# This file includes */module.mk files which add on to variables: +# FOO += bar/baz +# +# +# Set (or uncomment) SKIP if you wish to avoid something. +# For example, you may prefer the /bin/kill from util-linux or bsdutils. + + +VERSION := 3 +SUBVERSION := 2 +MINORVERSION := 6 +TARVERSION := $(VERSION).$(SUBVERSION).$(MINORVERSION) + +############ vars + +# so you can disable them or choose alternates +ldconfig := ldconfig +ln_f := ln -f +ln_sf := ln -sf +install := install -D --owner 0 --group 0 + +# Lame x86-64 /lib64 and /usr/lib64 abomination: +lib64 := lib$(shell [ -d /lib64 ] && echo 64) + +usr/bin := $(DESTDIR)/usr/bin/ +bin := $(DESTDIR)/bin/ +sbin := $(DESTDIR)/sbin/ +usr/proc/bin := $(DESTDIR)/usr/bin/ +man1 := $(DESTDIR)/usr/share/man/man1/ +man5 := $(DESTDIR)/usr/share/man/man5/ +man8 := $(DESTDIR)/usr/share/man/man8/ +lib := $(DESTDIR)/$(lib64)/ +usr/lib := $(DESTDIR)/usr/$(lib64)/ +usr/include := $(DESTDIR)/usr/include/ + +#SKIP := $(bin)kill $(man1)kill.1 + +BINFILES := $(usr/bin)uptime $(usr/bin)tload $(usr/bin)free $(usr/bin)w \ + $(usr/bin)top $(usr/bin)vmstat $(usr/bin)watch $(usr/bin)skill \ + $(usr/bin)snice $(bin)kill $(sbin)sysctl $(usr/bin)pmap \ + $(usr/proc/bin)pgrep $(usr/proc/bin)pkill $(usr/bin)slabtop \ + $(usr/proc/bin)pwdx + +MANFILES := $(man1)uptime.1 $(man1)tload.1 $(man1)free.1 $(man1)w.1 \ + $(man1)top.1 $(man1)watch.1 $(man1)skill.1 $(man1)kill.1 \ + $(man1)snice.1 $(man1)pgrep.1 $(man1)pkill.1 $(man1)pmap.1 \ + $(man5)sysctl.conf.5 $(man8)vmstat.8 $(man8)sysctl.8 \ + $(man1)slabtop.1 $(man1)pwdx.1 + +TARFILES := AUTHORS BUGS NEWS README TODO COPYING COPYING.LIB \ + Makefile procps.lsm procps.spec v t README.top CodingStyle \ + sysctl.conf minimal.c $(notdir $(MANFILES)) dummy.c \ + uptime.c tload.c free.c w.c top.c vmstat.c watch.c skill.c \ + sysctl.c pgrep.c top.h pmap.c slabtop.c pwdx.c + +# Stuff (tests, temporary hacks, etc.) left out of the standard tarball +# plus the top-level Makefile to make it work stand-alone. +_TARFILES := Makefile + +CURSES := -lncurses + +# This seems about right for the dynamic library stuff. +# Something like this is probably needed to make the SE Linux +# library loading not conflict with embedded systems stuff. +# +#ifeq ($(SHARED),1) +#ldl := -ldl +#LIBTYPE := -DSHAREDLIB +#else +#LIBTYPE := -DSTATICLIB +#endif + +# Preprocessor flags. +PKG_CPPFLAGS := -D_GNU_SOURCE -I proc +CPPFLAGS := -I/usr/include/ncurses +ALL_CPPFLAGS := $(PKG_CPPFLAGS) $(CPPFLAGS) + +# Left out -Wconversion due to noise in glibc headers. +# Left out -Wunreachable-code and -Wdisabled-optimization +# because gcc spews many useless warnings with them. +# +# Since none of the PKG_CFLAGS things are truly required +# to compile procps, they might best be moved to CFLAGS. +# On the other hand, they aren't normal -O -g things either. +# +# Note that -O2 includes -fomit-frame-pointer only if the arch +# doesn't lose some debugging ability. +# +PKG_CFLAGS := -fno-common -ffast-math \ + -W -Wall -Wshadow -Wcast-align -Wredundant-decls \ + -Wbad-function-cast -Wcast-qual -Wwrite-strings -Waggregate-return \ + -Wstrict-prototypes -Wmissing-prototypes +# Note that some stuff below is conditional on CFLAGS containing +# an option that starts with "-g". (-g, -g2, -g3, -ggdb, etc.) +CFLAGS := -O2 -s +ALL_CFLAGS := $(PKG_CFLAGS) $(CFLAGS) + +PKG_LDFLAGS := -Wl,-warn-common +LDFLAGS := +ALL_LDFLAGS := $(PKG_LDFLAGS) $(LDFLAGS) + +############ Add some extra flags if gcc allows + +ifneq ($(MAKECMDGOALS),clean) +ifneq ($(MAKECMDGOALS),tar) +ifneq ($(MAKECMDGOALS),extratar) +ifneq ($(MAKECMDGOALS),beta) + +# Unlike the kernel one, this check_gcc goes all the way to +# producing an executable. There might be a -m64 that works +# until you go looking for a 64-bit curses library. +check_gcc = $(shell if $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) dummy.c $(ALL_LDFLAGS) $(1) -o /dev/null $(CURSES) > /dev/null 2>&1; then echo "$(1)"; else echo "$(2)"; fi ;) + +# Be 64-bit if at all possible. In a cross-compiling situation, one may +# do "make m64=-m32 lib64=lib" to produce 32-bit executables. DO NOT +# attempt to use a 32-bit executable on a 64-bit kernel. Packagers MUST +# produce separate executables for ppc and ppc64, s390 and s390x, +# i386 and x86-64, mips and mips64, sparc and sparc64, and so on. +# Failure to do so will cause data corruption. +m64 := $(call check_gcc,-m64,$(call check_gcc,-mabi=64,)) +ALL_CFLAGS += $(m64) + +ALL_CFLAGS += $(call check_gcc,-Wdeclaration-after-statement,) +ALL_CFLAGS += $(call check_gcc,-Wpadded,) +ALL_CFLAGS += $(call check_gcc,-Wstrict-aliasing,) + +# Adding -fno-gcse might be good for those files which +# use computed goto. +#ALL_CFLAGS += $(call check_gcc,-fno-gcse,) + +# if not debugging, enable things that could confuse gdb +ifeq (,$(findstring -g,$(filter -g%,$(CFLAGS)))) +ALL_CFLAGS += $(call check_gcc,-fweb,) +ALL_CFLAGS += $(call check_gcc,-frename-registers,) +ALL_CFLAGS += $(call check_gcc,-fomit-frame-pointer,) +endif + +# in case -O3 is enabled, avoid bloat +ALL_CFLAGS += $(call check_gcc,-fno-inline-functions,) + +endif +endif +endif +endif + +############ misc. + +# free.c pmap.c sysctl.c uptime.c vmstat.c watch.c pgrep.c skill.c tload.c top.c w.c +# utmp.c oldtop.c tmp-junk.c minimal.c + +.SUFFIXES: +.SUFFIXES: .a .o .c .s .h + +.PHONY: all clean do_all install tar extratar beta + +ALL := $(notdir $(BINFILES)) + +CLEAN := $(notdir $(BINFILES)) + +DIRS := + +INSTALL := $(BINFILES) $(MANFILES) + +# want this rule first, use := on ALL, and ALL not filled in yet +all: do_all + +-include */module.mk + +do_all: $(ALL) + +junk := DEADJOE *~ *.o core gmon.out + +# Remove $(junk) from all $(DIRS) +CLEAN += $(junk) $(foreach dir,$(DIRS),$(addprefix $(dir), $(junk))) + +########## +# not maintained because it isn't really needed: +# +#SRC := +#OBJ := $(patsubst %.c,%.o, $(filter %.c,$(SRC))) +# +#ifneq ($(MAKECMDGOALS),clean) +#-include $(OBJ:.o=.d) +#endif +# +#%.d: %.c +# depend.sh $(ALL_CPPFLAGS) $(ALL_CFLAGS) $< > $@ +############ + +# don't want to type "make procps-$(TARVERSION).tar.gz" +tar: $(TARFILES) + mkdir procps-$(TARVERSION) + (tar cf - $(TARFILES)) | (cd procps-$(TARVERSION) && tar xf -) + tar cf procps-$(TARVERSION).tar procps-$(TARVERSION) + gzip -9 procps-$(TARVERSION).tar + +extratar: $(_TARFILES) + mkdir procps-$(TARVERSION) + (tar cf - $(_TARFILES)) | (cd procps-$(TARVERSION) && tar xf -) + tar cf extra-$(TARVERSION).tar procps-$(TARVERSION) + gzip -9 extra-$(TARVERSION).tar + +beta: $(TARFILES) $(_TARFILES) + mkdir beta-$(TARVERSION) + (tar cf - $(TARFILES) $(_TARFILES)) | (cd beta-$(TARVERSION) && tar xf -) + tar cf beta-$(TARVERSION).tar beta-$(TARVERSION) + gzip -9 beta-$(TARVERSION).tar + +clean: + rm -f $(CLEAN) + +###### install + +$(BINFILES) : all + $(install) --mode a=rx $(notdir $@) $@ + +$(MANFILES) : all + $(install) --mode a=r $(notdir $@) $@ + +install: $(filter-out $(SKIP) $(addprefix $(DESTDIR),$(SKIP)),$(INSTALL)) + cd $(usr/bin) && $(ln_f) skill snice + cd $(usr/proc/bin) && $(ln_f) pgrep pkill + +############ prog.c --> prog.o + +top.o : top.h + +%.o : %.c + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -c -o $@ $< + +w.o: w.c + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) $(W_SHOWFROM) -c $< + +############ prog.o --> prog + +pmap w uptime tload free sysctl vmstat utmp pgrep skill pwdx: % : %.o $(LIBPROC) + $(CC) $(ALL_CFLAGS) $^ $(ALL_LDFLAGS) -o $@ + +slabtop top: % : %.o $(LIBPROC) + $(CC) $(ALL_CFLAGS) $^ $(ALL_LDFLAGS) -o $@ $(CURSES) + +watch: % : %.o + $(CC) $(ALL_CFLAGS) $^ $(ALL_LDFLAGS) -o $@ $(CURSES) + +############ progX --> progY + +snice kill: skill + ln -f skill $@ + +pkill: pgrep + ln -f pgrep pkill diff -Naur procps-3.2.6.orig/ps/module.mk procps-3.2.6/ps/module.mk --- procps-3.2.6.orig/ps/module.mk 2005-10-30 03:19:46.000000000 +0000 +++ procps-3.2.6/ps/module.mk 2005-11-02 22:11:51.000000000 +0000 @@ -20,14 +20,14 @@ TARFILES += $(PSSRC) $(addprefix ps/,$(PS_X)) ps/ps: $(PSOBJ) $(LIBPROC) - $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) -o $@ $^ $(ldl) + $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) $(EXE_LDFLAGS) -o $@ $^ $(ldl) # This just adds the stacktrace code ps/debug: $(PSOBJ) stacktrace.o $(LIBPROC) - $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) -o $@ $^ -lefence $(ldl) + $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) $(EXE_LDFLAGS) -o $@ $^ -lefence $(ldl) $(PSOBJ): %.o: %.c ps/common.h $(LIBPROC) - $(CC) -c $(ALL_CPPFLAGS) $(ALL_CFLAGS) $< -o $@ + $(CC) -c $(ALL_CPPFLAGS) $(ALL_CFLAGS) $(EXE_LDFLAGS) $< -o $@ ps/stacktrace.o: ps/stacktrace.c diff -Naur procps-3.2.6.orig/ps/module.mk.orig procps-3.2.6/ps/module.mk.orig --- procps-3.2.6.orig/ps/module.mk.orig 1970-01-01 00:00:00.000000000 +0000 +++ procps-3.2.6/ps/module.mk.orig 2005-10-30 03:19:46.000000000 +0000 @@ -0,0 +1,40 @@ +# This file gets included into the main Makefile, in the top directory. + +INSTALL += $(bin)ps $(man1)ps.1 + +# files to remove +CLEAN += ps/ps ps/debug + +# a directory for cleaning +DIRS += ps/ + +# a file to create +ALL += ps/ps + +PS_C := display global help output parser select sortformat +PSNAMES := $(addprefix ps/,$(PS_C)) +PSOBJ := $(addsuffix .o,$(PSNAMES)) +PSSRC := $(addsuffix .c,$(PSNAMES)) + +PS_X := COPYING HACKING TRANSLATION common.h module.mk it p ps.1 regression +TARFILES += $(PSSRC) $(addprefix ps/,$(PS_X)) + +ps/ps: $(PSOBJ) $(LIBPROC) + $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) -o $@ $^ $(ldl) + +# This just adds the stacktrace code +ps/debug: $(PSOBJ) stacktrace.o $(LIBPROC) + $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) -o $@ $^ -lefence $(ldl) + +$(PSOBJ): %.o: %.c ps/common.h $(LIBPROC) + $(CC) -c $(ALL_CPPFLAGS) $(ALL_CFLAGS) $< -o $@ + +ps/stacktrace.o: ps/stacktrace.c + + +$(bin)ps: ps/ps + $(install) --mode a=rx $< $@ + +$(man1)ps.1 : ps/ps.1 + $(install) --mode a=r $< $@ + -rm -f $(DESTDIR)/var/catman/cat1/ps.1.gz $(DESTDIR)/var/man/cat1/ps.1.gz diff -Naur procps-3.2.6.orig/ps/module.mk.rej procps-3.2.6/ps/module.mk.rej --- procps-3.2.6.orig/ps/module.mk.rej 1970-01-01 00:00:00.000000000 +0000 +++ procps-3.2.6/ps/module.mk.rej 2005-11-02 22:10:58.000000000 +0000 @@ -0,0 +1,32 @@ +*************** +*** 20,33 **** + TARFILES += $(PSSRC) $(addprefix ps/,$(PS_X)) + + ps/ps: $(PSOBJ) $(LIBPROC) +- $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) -o $@ $^ + + # This just adds the stacktrace code + ps/debug: $(PSOBJ) stacktrace.o $(LIBPROC) +- $(CC) $(ALL_CFLAGS) $(ALL_LDFLAGS) -o $@ $^ -lefence + + $(PSOBJ): %.o: %.c ps/common.h $(LIBPROC) +- $(CC) -c $(ALL_CPPFLAGS) $(ALL_CFLAGS) $< -o $@ + + ps/stacktrace.o: ps/stacktrace.c + +--- 20,34 ---- + TARFILES += $(PSSRC) $(addprefix ps/,$(PS_X)) + + ps/ps: $(PSOBJ) $(LIBPROC) ++ $(CC) $(ALL_CFLAGS) $(EXE_CFLAGS) $(ALL_LDFLAGS) $(EXE_LDFLAGS) -o $@ $^ + + # This just adds the stacktrace code + ps/debug: $(PSOBJ) stacktrace.o $(LIBPROC) ++ $(CC) $(ALL_CFLAGS) $(EXE_CFLAGS) $(ALL_LDFLAGS) \ ++ $(EXE_LDFLAGS) -o $@ $^ -lefence + + $(PSOBJ): %.o: %.c ps/common.h $(LIBPROC) ++ $(CC) -c $(ALL_CPPFLAGS) $(ALL_CFLAGS) $(EXE_CFLAGS) $< -o $@ + + ps/stacktrace.o: ps/stacktrace.c +
-- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
