From c40c25a50563c6d3a669475b9b6ff954706c98b1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 2 Sep 2014 11:08:23 -0400
Subject: [PATCH] Build as PIE+RELRO binaries.
Resolves: rhbz#1092542
Signed-off-by: Peter Jones <pjones@redhat.com>
---
Make.defaults | 2 +-
libdpe/Makefile | 3 +++
src/Makefile | 4 ++--
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/Make.defaults b/Make.defaults
index 0995e5b..5ff74ee 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -6,7 +6,7 @@ ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,)
INCDIR = -I$(TOPDIR)/include
CPPFLAGS = -DCONFIG_$(ARCH)
CFLAGS = -g -O0
-BUILDFLAGS := $(CFLAGS) $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
+BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
ASFLAGS = $(ARCH3264)
LDFLAGS = -nostdlib
CCLDFLAGS = -shared
diff --git a/libdpe/Makefile b/libdpe/Makefile
index 81d3c0b..a8b0c26 100644
--- a/libdpe/Makefile
+++ b/libdpe/Makefile
@@ -5,6 +5,9 @@ SONAME = libdpe.so.0
include $(TOPDIR)/Make.defaults
+BUILDFLAGS += -fPIC
+CCLDFLAGS += -fPIC -Wl,-z,relro,-z,now
+
TARGETS = libdpe.so libdpe.a
all : $(TARGETS)
diff --git a/src/Makefile b/src/Makefile
index e45d2a3..766ffe8 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -7,8 +7,8 @@ PKLIBS = nss
LIBS = popt
STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a
LDFLAGS =
-CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib)))
-BUILDFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror
+CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) -pie -fPIE -Wl,-z,relro,-z,now
+BUILDFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror -fPIE
TARGETS = pesign authvar client efisiglist efikeygen peverify
--
1.9.3