|
 |
809a3f |
From 681b54fd40b7a5e5c960bbd3e8aedca0fd4db575 Mon Sep 17 00:00:00 2001
|
|
|
809a3f |
From: Alexander Aring <aahringo@redhat.com>
|
|
|
809a3f |
Date: Tue, 8 Feb 2022 14:42:53 -0500
|
|
|
809a3f |
Subject: [PATCH 3/5] treewide: do always -Wl,-z,now in LDFLAGS
|
|
|
809a3f |
|
|
|
809a3f |
This patch reverts commit 7bb5570a ("treewide: try to resolve symbols at
|
|
|
809a3f |
linking time") because the recommended way to avoid security related
|
|
|
809a3f |
issues is always to use -Wl,-z,now.
|
|
|
809a3f |
|
|
|
809a3f |
This is solving the following annocheck failure:
|
|
|
809a3f |
|
|
|
809a3f |
https://sourceware.org/annobin/annobin.html/Test-bind-now.html
|
|
|
809a3f |
---
|
|
|
809a3f |
dlm_controld/Makefile | 6 +++---
|
|
|
809a3f |
dlm_tool/Makefile | 4 ++--
|
|
|
809a3f |
fence/Makefile | 4 ++--
|
|
|
809a3f |
libdlm/Makefile | 7 +++----
|
|
|
809a3f |
4 files changed, 10 insertions(+), 11 deletions(-)
|
|
|
809a3f |
|
|
|
809a3f |
diff --git a/dlm_controld/Makefile b/dlm_controld/Makefile
|
|
|
809a3f |
index 8cfc97e6909a..a92fdebe2cba 100644
|
|
|
809a3f |
--- a/dlm_controld/Makefile
|
|
|
809a3f |
+++ b/dlm_controld/Makefile
|
|
|
809a3f |
@@ -43,15 +43,15 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
|
|
|
809a3f |
-Wno-sign-compare -Wno-unused-parameter -Wp,-D_FORTIFY_SOURCE=2 \
|
|
|
809a3f |
-fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option \
|
|
|
809a3f |
-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong \
|
|
|
809a3f |
- -fstack-clash-protection -Wl,-z,now
|
|
|
809a3f |
+ -fstack-clash-protection
|
|
|
809a3f |
|
|
|
809a3f |
BIN_CFLAGS += $(CFLAGS) -fPIE -DPIE
|
|
|
809a3f |
BIN_CFLAGS += -I../include -I../libdlm
|
|
|
809a3f |
LIB_CFLAGS += $(CFLAGS) -fPIC
|
|
|
809a3f |
|
|
|
809a3f |
-BIN_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,defs -pie
|
|
|
809a3f |
+BIN_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,now -pie
|
|
|
809a3f |
BIN_LDFLAGS += -lpthread -lrt -lcpg -lcmap -lcfg -lquorum -luuid
|
|
|
809a3f |
-LIB_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,defs -pie
|
|
|
809a3f |
+LIB_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,now -pie
|
|
|
809a3f |
|
|
|
809a3f |
PKG_CONFIG ?= pkg-config
|
|
|
809a3f |
ifeq ($(USE_SD_NOTIFY),yes)
|
|
|
809a3f |
diff --git a/dlm_tool/Makefile b/dlm_tool/Makefile
|
|
|
809a3f |
index 7b42638c0e4a..1c3d61d5c860 100644
|
|
|
809a3f |
--- a/dlm_tool/Makefile
|
|
|
809a3f |
+++ b/dlm_tool/Makefile
|
|
|
809a3f |
@@ -15,12 +15,12 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
|
|
|
809a3f |
-Wno-sign-compare -Wno-unused-parameter -Wp,-D_FORTIFY_SOURCE=2 \
|
|
|
809a3f |
-fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option \
|
|
|
809a3f |
-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong \
|
|
|
809a3f |
- -fstack-clash-protection -Wl,-z,now
|
|
|
809a3f |
+ -fstack-clash-protection
|
|
|
809a3f |
|
|
|
809a3f |
CFLAGS += -fPIE -DPIE
|
|
|
809a3f |
CFLAGS += -I../include -I../libdlm -I../dlm_controld
|
|
|
809a3f |
|
|
|
809a3f |
-LDFLAGS += -Wl,-z,relro -Wl,-z,defs -pie
|
|
|
809a3f |
+LDFLAGS += -Wl,-z,relro -Wl,-z,now -pie
|
|
|
809a3f |
LDFLAGS += -L../libdlm -L../dlm_controld
|
|
|
809a3f |
LDFLAGS += -lpthread -ldlm -ldlmcontrol
|
|
|
809a3f |
|
|
|
809a3f |
diff --git a/fence/Makefile b/fence/Makefile
|
|
|
809a3f |
index 547f7ba946ff..ee4dfb886d4c 100644
|
|
|
809a3f |
--- a/fence/Makefile
|
|
|
809a3f |
+++ b/fence/Makefile
|
|
|
809a3f |
@@ -15,13 +15,13 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
|
|
|
809a3f |
-Wno-sign-compare -Wno-unused-parameter -Wp,-D_FORTIFY_SOURCE=2 \
|
|
|
809a3f |
-fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option \
|
|
|
809a3f |
-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong \
|
|
|
809a3f |
- -fstack-clash-protection -Wl,-z,now
|
|
|
809a3f |
+ -fstack-clash-protection
|
|
|
809a3f |
|
|
|
809a3f |
CFLAGS += -fPIE -DPIE
|
|
|
809a3f |
CFLAGS += -I../include
|
|
|
809a3f |
CFLAGS += $(shell pkg-config --cflags pacemaker-fencing)
|
|
|
809a3f |
|
|
|
809a3f |
-LDFLAGS += -Wl,-z,relro -Wl,-z,defs -pie
|
|
|
809a3f |
+LDFLAGS += -Wl,-z,relro -Wl,-z,now -pie
|
|
|
809a3f |
LDFLAGS += -ldl
|
|
|
809a3f |
|
|
|
809a3f |
all: $(BIN_TARGET)
|
|
|
809a3f |
diff --git a/libdlm/Makefile b/libdlm/Makefile
|
|
|
809a3f |
index 313c2a08f17e..5069ccf1f7f9 100644
|
|
|
809a3f |
--- a/libdlm/Makefile
|
|
|
809a3f |
+++ b/libdlm/Makefile
|
|
|
809a3f |
@@ -78,14 +78,13 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
|
|
|
809a3f |
-fexceptions \
|
|
|
809a3f |
-fasynchronous-unwind-tables \
|
|
|
809a3f |
-fdiagnostics-show-option \
|
|
|
809a3f |
- -fPIC \
|
|
|
809a3f |
- -Wl,-z,now
|
|
|
809a3f |
+ -fPIC
|
|
|
809a3f |
|
|
|
809a3f |
LIB_CFLAGS += $(CFLAGS) -D_REENTRANT
|
|
|
809a3f |
LLT_CFLAGS += $(CFLAGS)
|
|
|
809a3f |
|
|
|
809a3f |
-LIB_LDFLAGS += $(LDFLAGS) -lpthread -Wl,-z,defs
|
|
|
809a3f |
-LLT_LDFLAGS += $(LDFLAGS) -Wl,-z,defs
|
|
|
809a3f |
+LIB_LDFLAGS += $(LDFLAGS) -lpthread -Wl,-z,now
|
|
|
809a3f |
+LLT_LDFLAGS += $(LDFLAGS) -Wl,-z,now
|
|
|
809a3f |
|
|
|
809a3f |
all: $(LIB_TARGET) $(LLT_TARGET) $(LIB_PC) $(LLT_PC)
|
|
|
809a3f |
|
|
|
809a3f |
--
|
|
|
809a3f |
2.7.5
|
|
|
809a3f |
|