Bug 187667

Summary: [MAINTAINER] security/libscrypt: proper ssp usage and security improvements
Product: Ports & Packages
Reporter: Horia Racoviceanu <horia>
Component: Individual Port(s)
Assignee: Steve Wills <swills>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments:
Description Flags
file.diff none

Description Horia Racoviceanu 2014-03-17 17:50:00 UTC

Fix:
- Bump PORTREVISION
- Simulate SSP_NEED_NONSHARED for gcc
- Add stack-protector-all to Options
- Move CC and LIBDIR from REINPLACE to MAKE_ARGS
- Remove duplicate -02 CFLAGS
- Change strcpy() to strlcpy(), patch from OpenBSD
- Move STRIP_CMD before installing DOCS

Build log:
https://redports.org/buildarchive/20140317173640-60963/

Patch attached with submission follows:

Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2014-03-17 17:50:04 UTC
Responsible Changed
From-To: freebsd-ports-bugs->swills

swills@ wants this submitter's PRs (via the GNATS Auto Assign Tool)

Comment 2 dfilter service freebsd_committer freebsd_triage 2014-03-18 13:25:00 UTC
Author: swills
Date: Tue Mar 18 13:24:54 2014
New Revision: 348541
URL: http://svnweb.freebsd.org/changeset/ports/348541
QAT: https://qat.redports.org/buildarchive/r348541/

Log:
  - Simulate SSP_NEED_NONSHARED for gcc
  - Add stack-protector-all to Options
  - Move CC and LIBDIR from REINPLACE to MAKE_ARGS
  - Remove duplicate -02 CFLAGS
  - Change strcpy() to strlcpy(), patch from OpenBSD
  - Move STRIP_CMD before installing DOCS
  - Bump PORTREVISION
  
  PR:		ports/187667
  Submitted by:	Horia Racoviceanu <horia@racoviceanu.com> (maintainer)

Modified:
  head/security/libscrypt/Makefile

Modified: head/security/libscrypt/Makefile
==============================================================================
--- head/security/libscrypt/Makefile	Tue Mar 18 13:24:51 2014	(r348540)
+++ head/security/libscrypt/Makefile	Tue Mar 18 13:24:54 2014	(r348541)
@@ -3,6 +3,7 @@
 
 PORTNAME=	libscrypt
 PORTVERSION=	1.18
+PORTREVISION=	1
 CATEGORIES=	security
 
 MAINTAINER=	horia@racoviceanu.com
@@ -17,30 +18,48 @@ GH_ACCOUNT=	technion
 GH_TAGNAME=	${GH_COMMIT}
 GH_COMMIT=	35b6894
 
+MAKE_ARGS+=	CC=${CC} LIBDIR=${PREFIX}/lib
+
 PLIST_FILES=	include/libscrypt.h \
 		lib/libscrypt.so \
 		lib/libscrypt.so.0
 
 PORTDOCS=	README.md
+
 OPTIONS_DEFINE=	DOCS
+OPTIONS_DEFAULT=STACKPROTECTOR
+
+OPTIONS_SINGLE=	BUFFER_OVERFLOW_PROTECTION
+OPTIONS_SINGLE_BUFFER_OVERFLOW_PROTECTION=	STACKPROTECTOR STACKPROTECTORALL
+
+STACKPROTECTOR_DESC=	Protect functions with vulnerable objects
+STACKPROTECTORALL_DESC=	Protect all functions
 
 .include <bsd.port.pre.mk>
 
 post-patch:
-	@${REINPLACE_CMD} -e 's|CC?=gcc|CC?=${CC}|; s|CFLAGS?=|CFLAGS+=|; \
-		s|LIBDIR       ?|LIBDIR        |' ${WRKSRC}/Makefile
+	@${REINPLACE_CMD} -e 's|?=-|+=-|; s|-O2 ||' ${WRKSRC}/Makefile
+
+.if ${PORT_OPTIONS:MSTACKPROTECTORALL}
+	@${REINPLACE_CMD} -e 's|stack-protector|&-all|' ${WRKSRC}/Makefile
+.endif
 
-.if ${ARCH} == i386 && ${COMPILER_TYPE} == gcc
-	@${REINPLACE_CMD} -e 's|stack-protector|no-&|' ${WRKSRC}/Makefile
+.if ${ARCH} == i386 && ${COMPILER_TYPE} == gcc && ${OSVERSION} < 1000036
+	@${REINPLACE_CMD} -e 's|-lscrypt|& -lssp_nonshared|; \
+		s|\.version|&,-lssp_nonshared|' ${WRKSRC}/Makefile
 .endif
 
+	@${REINPLACE_CMD} -e \
+		's|strcpy(mcf2, mcf);|strlcpy(mcf2, mcf, SCRYPT_MCF_LEN);|' \
+			${WRKSRC}/main.c
+
 regression-test: build
 	(cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} check)
 
 post-install:
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}.so.0
+
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
 
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}.so.0
-
 .include <bsd.port.post.mk>
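
Review bot: The strcpy() to strlcpy() change at the end of post-patch is applied by matching the literal text `strcpy(mcf2, mcf);` in main.c, and sed exits successfully when nothing matches, so a future upstream change to that line would leave the unbounded strcpy() in place with no build failure. Consider carrying it as a regular patch file under files/, which fails loudly when it no longer applies. The replacement also discards the strlcpy() return value, so an over-long mcf is truncated silently; comparing the return value against SCRYPT_MCF_LEN would let the caller reject it, and it is worth confirming that mcf2 is actually declared with SCRYPT_MCF_LEN bytes, since the declaration is not visible here. The same no-match concern applies to `s|stack-protector|&-all|`: if the upstream Makefile ever drops or renames the flag, STACKPROTECTORALL becomes a silent no-op.
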
Comment 3 Steve Wills freebsd_committer freebsd_triage 2014-03-18 13:25:04 UTC
State Changed
From-To: open->closed

Committed. Thanks!