Commit 17fef13b authored by Joachim Wiedorn's avatar Joachim Wiedorn

Add CFLAGS and LDFLAGS for hardening

parent 6e158bba
......@@ -13,8 +13,10 @@ lilo (1:24.0-1) unstable; urgency=low
- Bump to Standards Version 3.9.4 (no changes).
- Remove suggestion to package lilo-doc.
- Move to debhelper >=9.
* Fix: add full support for CFLAGS and LDFLAGS
to support hardening flags.
-- Joachim Wiedorn <ad_debian@joonet.de> Fri, 07 Jun 2013 23:00:00 +0200
-- Joachim Wiedorn <ad_debian@joonet.de> Sat, 08 Jun 2013 14:27:16 +0200
lilo (1:23.2-4) unstable; urgency=medium
......
Package: lio
Subject: add compile flags for hardening
Author: Joachim Wiedorn <ad_debian at joonet.de>
Forwarded: no
Last-Update: 2013-06-08
To support hardening CFLAGS and LDFLAGS must be used
by compiler executions.
---
diff -urNa s10/src/Makefile s11/src/Makefile
--- s10/src/Makefile 2013-06-07 22:44:13.000000000 +0200
+++ s11/src/Makefile 2013-06-08 13:16:36.415275904 +0200
@@ -16,14 +16,14 @@
SHELL=/bin/sh
CC=gcc
-CPP=$(CC) -E -P -ffreestanding
+CPP=$(CC) -E
AS86=as86 -0 -a
LD86=ld86 -0
NASM=nasm
G=`cat foo1 foo2 | grep version | cut -d " " -f 3`
-CFLAGS=$(OPT) -Wall $(PCONFIG)
-LDFLAGS=#-Xlinker -qmagic
+FREE=-P -ffreestanding
+CFLAGS=$(FREE) $(OPT) -Wall $(PCONFIG)
LIBS=$(DEVMAPPER)
OBJS=lilo.o raid.o map.o geometry.o boot.o device.o common.o bsect.o cfg.o \
@@ -79,7 +79,7 @@
echo $(MAN_DIR)
.c.o:
- $(CC) -c $(CFLAGS) $*.c
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $*.c
.s.o:
$(AS86) -w -l $*.lis -o $*.o $*.s
@@ -91,7 +91,7 @@
dd if=$*.img of=$*.b bs=32 skip=1
edit: $(EDIT)
- $(CC) $(CFLAGS) -DSTANDALONE -o edit $(EDIT) $(LDFLAGS)
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DSTANDALONE -o edit $(EDIT)
loader.i: mkloader first.b second.b third.b bitmap.b mbr.b chain.b mbr2.b
./mkloader >loader.i
@@ -100,30 +100,30 @@
cp disk.b disk.com
disk.s: disk.S read.S bdata.h biosdata.S lilo.h Makefile
- $(CPP) -traditional $(PCONFIG) -o disk.s disk.S
+ $(CPP) $(CPPFLAGS) -traditional $(PCONFIG) -o disk.s disk.S
mbr.s: mbr.S lilo.h Makefile
- $(CPP) -traditional $(PCONFIG) -DMBR=0xafbbe760 \
+ $(CPP) $(CPPFLAGS) -traditional $(PCONFIG) -DMBR=0xafbbe760 \
-o mbr.s mbr.S
mbr.b: mbr.img
dd if=$*.img of=$*.b bs=32 skip=49
mbr2.s: mbr.S lilo.h Makefile
- $(CPP) -traditional $(PCONFIG) -DMBX=0x93c00848 \
+ $(CPP) $(CPPFLAGS) -traditional $(PCONFIG) -DMBX=0x93c00848 \
-o mbr2.s mbr.S
mbr2.b: mbr2.img
dd if=$*.img of=$*.b bs=32 skip=49
bootsect.s: bootsect.S disk.b
- $(CPP) -traditional $(PCONFIG) \
+ $(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
-DSIZEDISKB=`wc -c <disk.b | sed "s/ //g"` \
-o bootsect.s bootsect.S
pseudo1.s: bootsect.S pseudo.S disk.com
cat bootsect.S pseudo.S >$(TMP).S
- $(CPP) -traditional $(PCONFIG) \
+ $(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
-DSIZEKRNL=`wc -c <disk.com | sed "s/ //g"` \
-DSIZEDISKB=512 -o pseudo1.s $(TMP).S
rm -f $(TMP).S
@@ -131,7 +131,7 @@
pseudo2.s: bootsect.S pseudo.S
$(MAKE) -C ../diagnose all
cat bootsect.S pseudo.S >$(TMP).S
- $(CPP) -traditional $(PCONFIG) \
+ $(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
-DSIZEKRNL=`wc -c <../diagnose/test4.com | sed "s/ //g"` \
-DSIZEDISKB=512 -o pseudo2.s $(TMP).S
rm -f $(TMP).S
@@ -139,7 +139,7 @@
pseudo3.s: bootsect.S pseudo.S
$(MAKE) -C ../diagnose all
cat bootsect.S pseudo.S >$(TMP).S
- $(CPP) -traditional $(PCONFIG) \
+ $(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
-DSIZEKRNL=`wc -c <../diagnose/test5.com | sed "s/ //g"` \
-DSIZEDISKB=512 -o pseudo3.s $(TMP).S
rm -f $(TMP).S
@@ -176,13 +176,13 @@
cp -p dparam.S dparam.s
lilo: $(OBJS)
- $(CC) -o lilo $(LDFLAGS) $(OBJS) $(LIBS)
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o lilo $(OBJS) $(LIBS)
lilo.static: $(OBJS)
- $(CC) -o lilo.static -static $(LDFLAGS) $(OBJS) $(LIBS)
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o lilo.static -static $(OBJS) $(LIBS)
common.s: common.h
- $(CPP) -C -traditional -DLILO_ASM -o common.s common.h
+ $(CPP) $(CPPFLAGS) -C -traditional -DLILO_ASM -o common.s common.h
bitmap.o: bitmap.s common.s
third.o: third.s common.s
@@ -191,25 +191,25 @@
chain.o: chain.s common.s
first.s: first.S lilo.h version.h Makefile
- $(CPP) $(PCONFIG) -DFIRST=0x62177489 -o first.s first.S
+ $(CPP) $(CPPFLAGS) $(PCONFIG) -DFIRST=0x62177489 -o first.s first.S
second.s: second.S read.S volume.S mapper.S biosdata.S shs3.S bdata.h lilo.h version.h \
graph.S menu.S strlen.S bitmap.S crt.S display4.S Makefile
- $(CPP) $(PCONFIG) -DTEXT=0x9dd476ec second.S -o second.s
+ $(CPP) $(CPPFLAGS) $(PCONFIG) -DTEXT=0x9dd476ec second.S -o second.s
third.s: second.S read.S volume.S mapper.S biosdata.S shs3.S bdata.h lilo.h version.h \
graph.S menu.S strlen.S bitmap.S crt.S display4.S Makefile
- $(CPP) $(PCONFIG) -DMENU=0x2012a4a7 second.S -o third.s
+ $(CPP) $(CPPFLAGS) $(PCONFIG) -DMENU=0x2012a4a7 second.S -o third.s
bitmap.s: second.S read.S volume.S mapper.S biosdata.S shs3.S bdata.h lilo.h version.h \
graph.S menu.S strlen.S bitmap.S crt.S display4.S Makefile
- $(CPP) $(PCONFIG) -DBITMAP=0x2ece2fbe second.S -o bitmap.s
+ $(CPP) $(CPPFLAGS) $(PCONFIG) -DBITMAP=0x2ece2fbe second.S -o bitmap.s
chain.s: chain.S lilo.h version.h first.b Makefile
- $(CPP) $(PCONFIG) -DCHAIN=0x536a7646 chain.S -o chain.s
+ $(CPP) $(CPPFLAGS) $(PCONFIG) -DCHAIN=0x536a7646 chain.S -o chain.s
xxx.s: chain.S lilo.h Makefile
- $(CPP) chain.S -DXXX -o xxx.s
+ $(CPP) $(CPPFLAGS) chain.S -DXXX -o xxx.s
$(OBJS): Makefile
@@ -254,14 +254,14 @@
dep:
sed '/\#\#\# Dependencies/q' <Makefile >tmp_make
- $(CPP) $(CFLAGS) -MM *.c >>tmp_make
+ $(CPP) $(CFLAGS) $(CPPFLAGS) -MM *.c >>tmp_make
mv tmp_make Makefile
version: common.c lilo.h common.h
- $(CC) $(CFLAGS) -DSHS_MAIN -o version common.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DSHS_MAIN -o version common.c
mkloader: temp.c
- $(CC) $(CFLAGS) -DLILO_BINARY -o mkloader temp.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DLILO_BINARY -o mkloader temp.c
tidy:
......@@ -7,3 +7,4 @@
08_install-also-dat-files.patch
09_use-of-newer-debhelper.patch
10_fix-src-makefile.patch
11_add-compile-flags.patch
......@@ -7,3 +7,4 @@
08_install-also-dat-files.patch
09_use-of-newer-debhelper.patch
10_fix-src-makefile.patch
11_add-compile-flags.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment