1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
Description: Added hardening to the build process.
Author: Hugo Torres de Lima <hugotorres@protonmail.com>
Last-Update: 2021-12-20
Index: convlit-1.8/clit18/Makefile
===================================================================
--- convlit-1.8.orig/clit18/Makefile
+++ convlit-1.8/clit18/Makefile
@@ -1,9 +1,12 @@
all: clit
-CFLAGS+=-funsigned-char -Wall -I ../lib -I ../lib/des -I .
+CFLAGS += -fPIE -fstack-protector-strong -Wformat -Werror=format-security -funsigned-char -Wall -I ../lib -I ../lib/des -I .
+CPPFLAGS += -D_FORTIFY_SOURCE=2
+LDFLAGS += -fPIE -pie -Wl,-z,relro -Wl,-z,now
+
clean:
rm -f *.o clit
clit: clit.o hexdump.o drm5.o explode.o transmute.o display.o utils.o manifest.o ../lib/openclit.a
- gcc -o clit $^ -ltommath
+ gcc $(LDFLAGS) -o clit $^ -ltommath
Index: convlit-1.8/clit18/clit.c
===================================================================
--- convlit-1.8.orig/clit18/clit.c
+++ convlit-1.8/clit18/clit.c
@@ -125,9 +125,9 @@ int main(int argc, char ** argv)
dir_program[i+1] = '\0'; break;
}
}
- printf(sTitle);
+ fputs(sTitle, stdout);
if (argc < 3) {
- printf(sUsage);
+ fputs(sUsage, stdout);
return -1;
}
base = 1;
Index: convlit-1.8/lib/Makefile
===================================================================
--- convlit-1.8.orig/lib/Makefile
+++ convlit-1.8/lib/Makefile
@@ -1,6 +1,8 @@
all: openclit.a
-CFLAGS+=-Wall -Ides -Isha -Inewlzx -I.
+CFLAGS += -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -Ides -Isha -Inewlzx -I.
+CPPFLAGS += -D_FORTIFY_SOURCE=2
+
clean:
rm -f *.o openclit.a des/*.o newlzx/*.o sha/*.o
|
