From f3f7a547b4e01e0144445000f2a8493ad7abc08b Mon Sep 17 00:00:00 2001 From: Rick Farina Date: Sun, 9 Feb 2014 18:04:43 +0000 Subject: hardened fixes by Zorry from bug 495146 with trivial backport and extensive testing done by myself (Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key DD11F94A) --- sys-boot/syslinux/ChangeLog | 9 +++++++- .../syslinux-6.02-add-fno-stack-protector.patch | 20 ++++++++++++++++++ ...yslinux-6.03_pre1-add-fno-stack-protector.patch | 24 ++++++++++++++++++++++ sys-boot/syslinux/syslinux-6.02.ebuild | 3 ++- sys-boot/syslinux/syslinux-6.03_pre1.ebuild | 7 ++++--- 5 files changed, 58 insertions(+), 5 deletions(-) create mode 100644 sys-boot/syslinux/files/syslinux-6.02-add-fno-stack-protector.patch create mode 100644 sys-boot/syslinux/files/syslinux-6.03_pre1-add-fno-stack-protector.patch (limited to 'sys-boot/syslinux') diff --git a/sys-boot/syslinux/ChangeLog b/sys-boot/syslinux/ChangeLog index 800db202453e..28217e4825af 100644 --- a/sys-boot/syslinux/ChangeLog +++ b/sys-boot/syslinux/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-boot/syslinux # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/ChangeLog,v 1.107 2014/02/09 03:59:19 zerochaos Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/ChangeLog,v 1.108 2014/02/09 18:04:43 zerochaos Exp $ + + 09 Feb 2014; Rick Farina + +files/syslinux-6.02-add-fno-stack-protector.patch, + +files/syslinux-6.03_pre1-add-fno-stack-protector.patch, syslinux-6.02.ebuild, + syslinux-6.03_pre1.ebuild: + hardened fixes by Zorry from bug 495146 with trivial backport and extensive + testing done by myself *syslinux-6.02 (09 Feb 2014) diff --git a/sys-boot/syslinux/files/syslinux-6.02-add-fno-stack-protector.patch b/sys-boot/syslinux/files/syslinux-6.02-add-fno-stack-protector.patch new file mode 100644 index 000000000000..b3537678c5d7 --- /dev/null 
+++ b/sys-boot/syslinux/files/syslinux-6.02-add-fno-stack-protector.patch
@@ -0,0 +1,20 @@
+diff -Naur syslinux-6.02/mk/efi.mk syslinux-6.02-hardened/mk/efi.mk
+--- syslinux-6.02/mk/efi.mk 2013-10-13 13:59:03.000000000 -0400
++++ syslinux-6.02-hardened/mk/efi.mk 2014-02-09 12:56:47.036409135 -0500
+@@ -23,6 +23,7 @@
+ EFI_SUBARCH = $(ARCH)
+ endif
+
++GCCOPT := $(call gcc_ok,-fno-stack-protector,)
+ EFIINC = $(shell $(topdir)/efi//find-gnu-efi.sh include $(EFI_SUBARCH))
+ $(if $(EFIINC),, \
+ $(error Missing $(EFI_SUBARCH) gnu-efi header files))
+@@ -42,7 +43,7 @@
+ -DELF_DEBUG -DSYSLINUX_EFI -I$(objdir) \
+ $(GCCWARN) -D__COM32__ -mno-red-zone \
+ -DLDLINUX=\"$(LDLINUX)\" -fvisibility=hidden \
+- -Wno-unused-parameter
++ -Wno-unused-parameter $(GCCOPT)
+
+ # gnuefi sometimes installs these under a gnuefi/ directory, and sometimes not
+ CRT0 := $(shell find $(LIBDIR) -name crt0-efi-$(EFI_SUBARCH).o 2>/dev/null | tail -n1)
diff --git a/sys-boot/syslinux/files/syslinux-6.03_pre1-add-fno-stack-protector.patch b/sys-boot/syslinux/files/syslinux-6.03_pre1-add-fno-stack-protector.patch
new file mode 100644
index 000000000000..a44acac80aa5
--- /dev/null
+++ b/sys-boot/syslinux/files/syslinux-6.03_pre1-add-fno-stack-protector.patch
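Review bot: The added `GCCOPT := $(call gcc_ok,-fno-stack-protector,)` in the 6.02 patch is a simple assignment, so any value GCCOPT already holds when mk/efi.mk is read is discarded. Whether an earlier include sets it is not visible in this patch; `GCCOPT += $(call gcc_ok,-fno-stack-protector,)` is safe either way. The line also turns off a compiler mitigation without saying why, so it should carry a comment stating the reason and its scope, for example `# EFI build only: SSP from hardened toolchains breaks this build, see Gentoo bug 495146`. The 6.03_pre1 patch adds the same line and needs the same two changes. The CFLAGS assignment that receives `$(GCCOPT)` starts outside the second inner hunk.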
@@ -0,0 +1,24 @@ +2014-01-04 Magnus Granberg + + # 495146 + * mk/efi.mk: Add -fno-stack-protector + +--- a/mk/efi.mk 2013-12-11 11:03:38.000000000 +0100 ++++ b/efi.mk 2014-01-04 13:50:11.474255644 +0100 +@@ -7,6 +7,7 @@ core = $(topdir)/core + # Set up architecture specifics; for cross compilation, set ARCH as apt + # gnuefi sets up architecture specifics in ia32 or x86_64 sub directories + # set up the LIBDIR and EFIINC for building for the appropriate architecture ++GCCOPT := $(call gcc_ok,-fno-stack-protector,) + EFIINC = $(objdir)/include/efi + LIBDIR = $(objdir)/lib + +@@ -38,7 +39,7 @@ CFLAGS = -I$(EFIINC) -I$(EFIINC)/$(EFI_S + -DELF_DEBUG -DSYSLINUX_EFI -I$(objdir) \ + $(GCCWARN) -D__COM32__ -mno-red-zone \ + -DLDLINUX=\"$(LDLINUX)\" -fvisibility=hidden \ +- -Wno-unused-parameter ++ -Wno-unused-parameter $(GCCOPT) + + CRT0 := $(LIBDIR)/crt0-efi-$(EFI_SUBARCH).o + LDSCRIPT := $(LIBDIR)/elf_$(EFI_SUBARCH)_efi.lds diff --git a/sys-boot/syslinux/syslinux-6.02.ebuild b/sys-boot/syslinux/syslinux-6.02.ebuild index 547352170c3c..d60b8a08cc92 100644 --- a/sys-boot/syslinux/syslinux-6.02.ebuild +++ b/sys-boot/syslinux/syslinux-6.02.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.02.ebuild,v 1.1 2014/02/09 03:59:19 zerochaos Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.02.ebuild,v 1.2 2014/02/09 18:04:43 zerochaos Exp $ EAPI=5 @@ -35,6 +35,7 @@ QA_PREBUILT="usr/share/${PN}/*.c32" # removed all the unpack/patching stuff since we aren't rebuilding the core stuff anymore src_prepare() { + epatch "${FILESDIR}"/${P}-add-fno-stack-protector.patch rm -f gethostip #bug 137081 # Don't prestrip or override user LDFLAGS, bug #305783 diff --git a/sys-boot/syslinux/syslinux-6.03_pre1.ebuild b/sys-boot/syslinux/syslinux-6.03_pre1.ebuild index 19ee0f8d7e76..b628fd9c1f22 100644 
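Review bot: The inner file header of the 6.03_pre1 patch names two different paths, `--- a/mk/efi.mk` and `+++ b/efi.mk`, so the file that gets patched depends on how the patch tool resolves the mismatch at the strip level it is given. The new-side line should read `+++ b/mk/efi.mk`, which matches the old side and the `* mk/efi.mk: Add -fno-stack-protector` entry above it. The added GCCOPT line also sits between the "set up the LIBDIR and EFIINC" comment and the two assignments that comment describes; placing it above the comment block keeps them together.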
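Review bot: The comment directly above `src_prepare()` in syslinux-6.02.ebuild still says all the unpack/patching stuff was removed, which is no longer accurate once the `epatch` line is added; reword or drop it. The new line also lacks the bug reference its neighbours carry, and it applies a stack-protector opt-out unconditionally, so the reason should be recorded on the line: `epatch "${FILESDIR}"/${P}-add-fno-stack-protector.patch #bug 495146`. The identical hunk in syslinux-6.03_pre1.ebuild needs the same two changes. The body of src_prepare continues past the end of the hunk.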
--- a/sys-boot/syslinux/syslinux-6.03_pre1.ebuild +++ b/sys-boot/syslinux/syslinux-6.03_pre1.ebuild @@ -1,8 +1,8 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.03_pre1.ebuild,v 1.1 2013/12/11 13:17:57 chithanh Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.03_pre1.ebuild,v 1.2 2014/02/09 18:04:43 zerochaos Exp $ -EAPI=4 +EAPI=5 inherit eutils toolchain-funcs @@ -35,6 +35,7 @@ QA_PREBUILT="usr/share/${PN}/*.c32" # removed all the unpack/patching stuff since we aren't rebuilding the core stuff anymore src_prepare() { + epatch "${FILESDIR}"/${P}-add-fno-stack-protector.patch rm -f gethostip #bug 137081 # Don't prestrip or override user LDFLAGS, bug #305783 -- cgit v1.2.3-65-gdbad
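Review bot: `EAPI=5` replaces `EAPI=4` in the first hunk of syslinux-6.03_pre1.ebuild, but neither the commit subject nor the ChangeLog entry mentions an EAPI change. Bundling it with the hardened fix means a revert of one also reverts the other, and a reader of the log cannot tell it was intended. Either list it in the ChangeLog entry, e.g. `EAPI bump to 5 to match syslinux-6.02.ebuild`, or move it to its own commit.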