1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From: Christian Kastner <ckk@kvr.at>
Date: Sat, 30 Apr 2016 14:12:45 +0200
Subject: Filter out PIE flags when building shared objects
Filter out -pie, -fpie, and -fPIE when building the shared library and the PAM
module. This way, hardening=+all can be used unconditionally in debian/rules.
Forwarded: not-needed
Last-Update: 2022-03-04
---
libcap/Makefile | 2 ++
pam_cap/Makefile | 3 +++
2 files changed, 5 insertions(+)
Index: libcap2/libcap/Makefile
===================================================================
--- libcap2.orig/libcap/Makefile
+++ libcap2/libcap/Makefile
@@ -18,6 +18,10 @@ CAPMAGICOBJ=cap_magic.o
PSXFILES=../psx/psx
PSXMAGICOBJ=psx_magic.o
+# hardening=+all adds this universally, but we don't want this for the lib
+CFLAGS := $(filter-out -fPIE,$(CFLAGS))
+LDFLAGS := $(filter-out -fPIE,$(filter-out -pie,$(LDFLAGS)))
+
# Always build libcap sources this way:
CFLAGS += -fPIC
Index: libcap2/pam_cap/Makefile
===================================================================
--- libcap2.orig/pam_cap/Makefile
+++ libcap2/pam_cap/Makefile
@@ -3,6 +3,10 @@
topdir=$(shell pwd)/..
include ../Make.Rules
+# hardening=+all adds this universally, but we don't want this for the module
+CFLAGS := $(filter-out -fPIE,$(CFLAGS))
+LDFLAGS := $(filter-out -fPIE,$(filter-out -pie,$(LDFLAGS)))
+
# Always build pam_cap sources this way:
CFLAGS += -fPIC
|
