author | Oleksandr Natalenko | 2022-05-12 21:17:31 +0200 |
---|---|---|
committer | Oleksandr Natalenko | 2022-05-12 21:17:31 +0200 |
commit | 5ecb77cfaf18d0ac5d30b7f76a24943615e418ce (patch) | |
tree | a9a9db7092b5695e7a69c233a47a22bbaadbce09 | |
parent | 4e29a8ebdc7f190866c47ea6337675e32686c439 (diff) | |
download | aur-5ecb77cfaf18d0ac5d30b7f76a24943615e418ce.tar.gz |
more hardening
Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
-rw-r--r-- | .SRCINFO | 8 | ||||
-rw-r--r-- | 01-uasm.patch | 11 | ||||
-rw-r--r-- | 02-gcc-12.patch (renamed from gcc-12.patch) | 0 | ||||
-rw-r--r-- | 03-hardening.patch | 29 | ||||
-rw-r--r-- | PKGBUILD | 16 |
5 files changed, 56 insertions, 8 deletions
@@ -1,14 +1,18 @@
 pkgbase = 7-zip
 pkgdesc = File archiver with a high compression ratio
 pkgver = 21.07
- pkgrel = 2
+ pkgrel = 3
 url = https://www.7-zip.org
 arch = x86_64
 license = LGPL
 makedepends = uasm
 source = https://7-zip.org/a/7z2107-src.7z
- source = gcc-12.patch
+ source = 01-uasm.patch
+ source = 02-gcc-12.patch
+ source = 03-hardening.patch
 sha256sums = d1074d56f415aab99d99e597a7b66dc455dba6349ae8a4c89df76475b6a1284c
+ sha256sums = 76cabefa3bdf9fa2b6a7af1fc549534684b17f6785a32b0e1bc1f459d401eb74
 sha256sums = e4d34366e091b8404dd04f02bcad46518d2930ec0b4a420e1316db020234b085
+ sha256sums = 0fd25bfb4f9f330573f94c61c9708dc15791bb51a5b294a5ab81b0463de08453

 pkgname = 7-zip
diff --git a/01-uasm.patch b/01-uasm.patch
new file mode 100644
index 000000000000..709c8b547b3f
--- /dev/null
+++ b/01-uasm.patch
@@ -0,0 +1,11 @@
+--- a/CPP/7zip/7zip_gcc.mak 2021-12-25 15:00:00.000000000 +0100
++++ b/CPP/7zip/7zip_gcc.mak 2022-05-12 21:06:28.101951648 +0200
+@@ -7,7 +7,7 @@
+
+ MY_ARCH_2 = $(MY_ARCH)
+
+-MY_ASM = asmc
++MY_ASM = uasm
+ ifdef USE_JWASM
+ MY_ASM = jwasm
+ endif
diff --git a/gcc-12.patch b/02-gcc-12.patch
index 18f76e4a689d..18f76e4a689d 100644
--- a/gcc-12.patch
+++ b/02-gcc-12.patch
diff --git a/03-hardening.patch b/03-hardening.patch
new file mode 100644
index 000000000000..4c646bcec786
--- /dev/null
+++ b/03-hardening.patch
@@ -0,0 +1,29 @@
+--- a/CPP/7zip/7zip_gcc.mak 2021-12-25 15:00:00.000000000 +0100
++++ b/CPP/7zip/7zip_gcc.mak 2022-05-12 21:14:52.909954342 +0200
+@@ -126,7 +126,7 @@
+
+
+
+-CFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CFLAGS_BASE2) $(CFLAGS_BASE) $(CC_SHARED) -o $@
++CFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CFLAGS_BASE2) $(CFLAGS_BASE) -fstack-protector-strong $(CC_SHARED) -o $@
+
+
+ ifdef IS_MINGW
+@@ -154,7 +154,7 @@
+ #-Wno-invalid-offsetof
+ #-Wno-reorder
+
+-CXXFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CXXFLAGS_BASE2) $(CFLAGS_BASE) $(CXXFLAGS_EXTRA) $(CC_SHARED) -o $@ $(CXX_WARN_FLAGS)
++CXXFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CXXFLAGS_BASE2) $(CFLAGS_BASE) $(CXXFLAGS_EXTRA) -fstack-protector-strong $(CC_SHARED) -o $@ $(CXX_WARN_FLAGS)
+
+ STATIC_TARGET=
+ ifdef COMPL_STATIC
+@@ -167,7 +167,7 @@
+ $(O):
+ $(MY_MKDIR) $(O)
+
+-LFLAGS_ALL = -s $(MY_ARCH_2) $(LDFLAGS) $(LD_arch) $(OBJS) $(MY_LIBS) $(LIB2)
++LFLAGS_ALL = -s $(MY_ARCH_2) $(LDFLAGS) -Wl,-pie,-z,now,-z,noexecstack $(LD_arch) $(OBJS) $(MY_LIBS) $(LIB2)
+ $(PROGPATH): $(OBJS)
+ $(CXX) -o $(PROGPATH) $(LFLAGS_ALL)
+
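Review bot: The link line in the last inner hunk requests PIE as `-Wl,-pie`, which hands the option to the linker only, while the CFLAGS and CXXFLAGS hunks add nothing but `-fstack-protector-strong`, so the objects are position-independent only if the compiler already defaults to PIE. I would state the intent on both sides: add `-fPIE` next to `-fstack-protector-strong`, and link with `-pie -Wl,-z,relro,-z,now,-z,noexecstack` so the driver selects the PIE startup files and full RELRO does not depend on the linker's default or on whatever `$(LDFLAGS)` carries. LFLAGS_ALL feeds the single `$(PROGPATH)` rule, so if any target built from this makefile is a shared object (not visible in these hunks) the unconditional `-pie` would need a guard. The package build could also check the result with `readelf -h`, `readelf -d` and `readelf -lW` (ET_DYN type, BIND_NOW flag, non-executable GNU_STACK), so a toolchain change that silently drops a mitigation is caught.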
@@ -2,21 +2,25 @@

 pkgname=7-zip
 pkgver=21.07
-pkgrel=2
+pkgrel=3
 pkgdesc="File archiver with a high compression ratio"
 url="https://www.7-zip.org"
 license=(LGPL)
 arch=(x86_64)
 makedepends=(uasm)
 source=(https://7-zip.org/a/7z2107-src.7z
- gcc-12.patch)
+ 01-uasm.patch
+ 02-gcc-12.patch
+ 03-hardening.patch)
 sha256sums=('d1074d56f415aab99d99e597a7b66dc455dba6349ae8a4c89df76475b6a1284c'
- 'e4d34366e091b8404dd04f02bcad46518d2930ec0b4a420e1316db020234b085')
+ '76cabefa3bdf9fa2b6a7af1fc549534684b17f6785a32b0e1bc1f459d401eb74'
+ 'e4d34366e091b8404dd04f02bcad46518d2930ec0b4a420e1316db020234b085'
+ '0fd25bfb4f9f330573f94c61c9708dc15791bb51a5b294a5ab81b0463de08453')

 prepare() {
- sed -i 's|MY_ASM = asmc|MY_ASM = uasm|g' CPP/7zip/7zip_gcc.mak
- sed -i 's|LFLAGS_ALL = -s $(MY_ARCH_2) $(LDFLAGS) $(LD_arch) $(OBJS) $(MY_LIBS) $(LIB2)|LFLAGS_ALL = -s $(MY_ARCH_2) $(LDFLAGS) -Wl,-z,noexecstack $(LD_arch) $(OBJS) $(MY_LIBS) $(LIB2)|g' CPP/7zip/7zip_gcc.mak
- patch -Np1 -i ../gcc-12.patch
+ patch -Np1 -i ../01-uasm.patch
+ patch -Np1 -i ../02-gcc-12.patch
+ patch -Np1 -i ../03-hardening.patch
 }

 build() { |