diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 18:40:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 18:40:28 +0000 |
commit | 774e54c8927088c60617dc9345f55eaabb23256a (patch) | |
tree | 7d82ddb667eaec624064c430b57818c78184e3c7 /scripts/Dpkg/Vendor/Ubuntu.pm | |
parent | Adding upstream version 1.22.4. (diff) | |
download | dpkg-774e54c8927088c60617dc9345f55eaabb23256a.tar.xz dpkg-774e54c8927088c60617dc9345f55eaabb23256a.zip |
Adding upstream version 1.22.5.upstream/1.22.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'scripts/Dpkg/Vendor/Ubuntu.pm')
-rw-r--r-- | scripts/Dpkg/Vendor/Ubuntu.pm | 66 |
1 files changed, 58 insertions, 8 deletions
diff --git a/scripts/Dpkg/Vendor/Ubuntu.pm b/scripts/Dpkg/Vendor/Ubuntu.pm index b50da37..f907fa9 100644 --- a/scripts/Dpkg/Vendor/Ubuntu.pm +++ b/scripts/Dpkg/Vendor/Ubuntu.pm @@ -95,14 +95,6 @@ sub run_hook { if (scalar(@$bugs)) { $fields->{'Launchpad-Bugs-Fixed'} = join(' ', @$bugs); } - } elsif ($hook eq 'update-buildflags') { - my $flags = shift @params; - - # Run the Debian hook to add hardening flags - $self->SUPER::run_hook($hook, $flags); - - # Per https://wiki.ubuntu.com/DistCompilerFlags - $flags->prepend('LDFLAGS', '-Wl,-Bsymbolic-functions'); } else { return $self->SUPER::run_hook($hook, @params); } @@ -137,6 +129,64 @@ sub set_build_features { $flags->set_option_value('fortify-level', 3); } +sub add_build_flags { + my ($self, $flags) = @_; + + my @compile_flags = qw( + CFLAGS + CXXFLAGS + OBJCFLAGS + OBJCXXFLAGS + FFLAGS + FCFLAGS + ); + + $self->SUPER::add_build_flags($flags); + + # Per https://wiki.ubuntu.com/DistCompilerFlags + $flags->prepend('LDFLAGS', '-Wl,-Bsymbolic-functions'); + + # In Ubuntu these flags are set by the compiler, so when disabling the + # features we need to pass appropriate flags to disable them. + if (!$flags->use_feature('hardening', 'stackprotectorstrong') && + !$flags->use_feature('hardening', 'stackprotector')) { + my $flag = '-fno-stack-protector'; + $flags->append($_, $flag) foreach @compile_flags; + } + + if (!$flags->use_feature('hardening', 'stackclash')) { + my $flag = '-fno-stack-clash-protection'; + $flags->append($_, $flag) foreach @compile_flags; + } + + if (!$flags->use_feature('hardening', 'fortify')) { + $flags->append('CPPFLAGS', '-D_FORTIFY_SOURCE=0'); + } + + if (!$flags->use_feature('hardening', 'format')) { + my $flag = '-Wno-format -Wno-error=format-security'; + $flags->append('CFLAGS', $flag); + $flags->append('CXXFLAGS', $flag); + $flags->append('OBJCFLAGS', $flag); + $flags->append('OBJCXXFLAGS', $flag); + } + + if (!$flags->use_feature('hardening', 'branch')) { + my $cpu = $flags->get_option_value('hardening-branch-cpu'); + my $flag; + if ($cpu eq 'arm64') { + $flag = '-mbranch-protection=none'; + } elsif ($cpu eq 'amd64') { + $flag = '-fno-cf-protection'; + } + if (defined $flag) { + $flags->append($_, $flag) foreach @compile_flags; + } + } + + return; +} + =head1 PUBLIC FUNCTIONS =over |