summaryrefslogtreecommitdiffstats
path: root/scripts/Dpkg/Vendor/Ubuntu.pm
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 18:40:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 18:40:28 +0000
commit774e54c8927088c60617dc9345f55eaabb23256a (patch)
tree7d82ddb667eaec624064c430b57818c78184e3c7 /scripts/Dpkg/Vendor/Ubuntu.pm
parentAdding upstream version 1.22.4. (diff)
downloaddpkg-774e54c8927088c60617dc9345f55eaabb23256a.tar.xz
dpkg-774e54c8927088c60617dc9345f55eaabb23256a.zip
Adding upstream version 1.22.5.upstream/1.22.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'scripts/Dpkg/Vendor/Ubuntu.pm')
-rw-r--r--scripts/Dpkg/Vendor/Ubuntu.pm66
1 files changed, 58 insertions, 8 deletions
diff --git a/scripts/Dpkg/Vendor/Ubuntu.pm b/scripts/Dpkg/Vendor/Ubuntu.pm
index b50da37..f907fa9 100644
--- a/scripts/Dpkg/Vendor/Ubuntu.pm
+++ b/scripts/Dpkg/Vendor/Ubuntu.pm
@@ -95,14 +95,6 @@ sub run_hook {
if (scalar(@$bugs)) {
$fields->{'Launchpad-Bugs-Fixed'} = join(' ', @$bugs);
}
- } elsif ($hook eq 'update-buildflags') {
- my $flags = shift @params;
-
- # Run the Debian hook to add hardening flags
- $self->SUPER::run_hook($hook, $flags);
-
- # Per https://wiki.ubuntu.com/DistCompilerFlags
- $flags->prepend('LDFLAGS', '-Wl,-Bsymbolic-functions');
} else {
return $self->SUPER::run_hook($hook, @params);
}
@@ -137,6 +129,64 @@ sub set_build_features {
$flags->set_option_value('fortify-level', 3);
}
+sub add_build_flags {
+ my ($self, $flags) = @_;
+
+ my @compile_flags = qw(
+ CFLAGS
+ CXXFLAGS
+ OBJCFLAGS
+ OBJCXXFLAGS
+ FFLAGS
+ FCFLAGS
+ );
+
+ $self->SUPER::add_build_flags($flags);
+
+ # Per https://wiki.ubuntu.com/DistCompilerFlags
+ $flags->prepend('LDFLAGS', '-Wl,-Bsymbolic-functions');
+
+ # In Ubuntu these flags are set by the compiler, so when disabling the
+ # features we need to pass appropriate flags to disable them.
+ if (!$flags->use_feature('hardening', 'stackprotectorstrong') &&
+ !$flags->use_feature('hardening', 'stackprotector')) {
+ my $flag = '-fno-stack-protector';
+ $flags->append($_, $flag) foreach @compile_flags;
+ }
+
+ if (!$flags->use_feature('hardening', 'stackclash')) {
+ my $flag = '-fno-stack-clash-protection';
+ $flags->append($_, $flag) foreach @compile_flags;
+ }
+
+ if (!$flags->use_feature('hardening', 'fortify')) {
+ $flags->append('CPPFLAGS', '-D_FORTIFY_SOURCE=0');
+ }
+
+ if (!$flags->use_feature('hardening', 'format')) {
+ my $flag = '-Wno-format -Wno-error=format-security';
+ $flags->append('CFLAGS', $flag);
+ $flags->append('CXXFLAGS', $flag);
+ $flags->append('OBJCFLAGS', $flag);
+ $flags->append('OBJCXXFLAGS', $flag);
+ }
+
+ if (!$flags->use_feature('hardening', 'branch')) {
+ my $cpu = $flags->get_option_value('hardening-branch-cpu');
+ my $flag;
+ if ($cpu eq 'arm64') {
+ $flag = '-mbranch-protection=none';
+ } elsif ($cpu eq 'amd64') {
+ $flag = '-fno-cf-protection';
+ }
+ if (defined $flag) {
+ $flags->append($_, $flag) foreach @compile_flags;
+ }
+ }
+
+ return;
+}
+
=head1 PUBLIC FUNCTIONS
=over