Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
build system: add hardening by default
  • Loading branch information
@perexg
perexg committed May 3, 2016
1 parent 6560e86 commit 9237d88
Show file tree
Hide file tree
Showing 4 changed files with 54 additions and 10 deletions.
5 changes: 3 additions & 2 deletions Makefile
View file
Expand Up @@ -28,7 +28,7 @@ LANGUAGES ?= bg cs da de en_US en_GB es et fa fi fr he hr hu it lv nl pl pt ru s
# Common compiler flags
#

CFLAGS += -g -O2
CFLAGS += -g -O2 -fPIE
ifeq ($(CONFIG_W_UNUSED_RESULT),yes)
CFLAGS += -Wunused-result
endif
Expand All @@ -41,10 +41,11 @@ CFLAGS += -fms-extensions -funsigned-char -fno-strict-aliasing
CFLAGS += -D_FILE_OFFSET_BITS=64
CFLAGS += -I${BUILDDIR} -I${ROOTDIR}/src -I${ROOTDIR}
ifeq ($(CONFIG_ANDROID),yes)
LDFLAGS += -ldl -lm -fPIE -pie
LDFLAGS += -ldl -lm
else
LDFLAGS += -ldl -lpthread -lm
endif
LDFLAGS += -pie -Wl,-z,now
ifeq ($(CONFIG_LIBICONV),yes)
LDFLAGS += -liconv
endif
Expand Down
24 changes: 17 additions & 7 deletions Makefile.ffmpeg
View file
Expand Up @@ -56,6 +56,7 @@ LIBX265 = x265_1.9
LIBX265_TB = $(LIBX265).tar.gz
LIBX265_URL = http://ftp.videolan.org/pub/videolan/x265/$(LIBX265_TB)
LIBX265_SHA1 = 8c9aa3b87b0f0a418bbb9782e9354d112d75e003
LIBX265_DIFFS = libx265.pie.diff

LIBVPX = libvpx-1.5.0
LIBVPX_TB = $(LIBVPX).tar.bz2
Expand Down Expand Up @@ -116,7 +117,7 @@ export PATH := $(LIB_ROOT)/build/ffmpeg/bin:$(PATH)

EBUILDIR := $(LIB_ROOT)/build
EPREFIX := $(EBUILDIR)/ffmpeg
ECFLAGS := -I$(EPREFIX)/include
ECFLAGS := -I$(EPREFIX)/include -fPIE
ELIBS := -L$(EPREFIX)/lib -ldl

CONFIGURE := FFMPEG_PREFIX=$(EPREFIX) \
Expand Down Expand Up @@ -175,6 +176,8 @@ $(LIB_ROOT)/$(LIBX264)/.tvh_build: \
$(LIB_ROOT)/$(YASM)/.tvh_build \
$(LIB_ROOT)/$(LIBX264)/.tvh_download
cd $(LIB_ROOT)/$(LIBX264) && $(CONFIGURE) \
--extra-asflags="-DPIC" \
--extra-cflags="-fPIE" \
--disable-swscale \
--disable-lavf \
--disable-avs \
Expand Down Expand Up @@ -216,6 +219,7 @@ ifeq (yes,$(CONFIG_LIBX265_STATIC))
$(LIB_ROOT)/$(LIBX265)/.tvh_download:
$(call DOWNLOAD,$(LIBX265_URL),$(LIB_ROOT)/$(LIBX265_TB),$(LIBX265_SHA1))
$(call UNTAR,$(LIBX265_TB),z)
$(call PATCH,$(LIBX265),$(LIBX265_DIFFS))
@touch $@

$(LIB_ROOT)/$(LIBX265)/.tvh_build: \
Expand Down Expand Up @@ -268,7 +272,9 @@ $(LIB_ROOT)/$(LIBVPX)/.tvh_download:
$(LIB_ROOT)/$(LIBVPX)/.tvh_build: \
$(LIB_ROOT)/$(YASM)/.tvh_build \
$(LIB_ROOT)/$(LIBVPX)/.tvh_download
cd $(LIB_ROOT)/$(LIBVPX) && $(CONFIGURE) \
cd $(LIB_ROOT)/$(LIBVPX) && \
ASFLAGS="-DENABLE_PIC=1 -DPIC=1" $(CONFIGURE) \
--extra-cflags="-fPIE" \
--disable-examples \
--disable-docs \
--disable-unit-tests \
Expand Down Expand Up @@ -304,7 +310,7 @@ $(LIB_ROOT)/$(LIBOGG)/.tvh_download:
$(LIB_ROOT)/$(LIBOGG)/.tvh_build: \
$(LIB_ROOT)/$(YASM)/.tvh_build \
$(LIB_ROOT)/$(LIBOGG)/.tvh_download
cd $(LIB_ROOT)/$(LIBOGG) && $(CONFIGURE)
cd $(LIB_ROOT)/$(LIBOGG) && CFLAGS="-fPIE" $(CONFIGURE)
DESTDIR=$(EBUILDIR) \
$(MAKE) -C $(LIB_ROOT)/$(LIBOGG) install
@touch $@
Expand Down Expand Up @@ -341,7 +347,8 @@ $(LIB_ROOT)/$(LIBTHEORA)/.tvh_build: \
$(LIB_ROOT)/$(YASM)/.tvh_build \
$(LIB_ROOT)/$(LIBOGG)/.tvh_build \
$(LIB_ROOT)/$(LIBTHEORA)/.tvh_download
cd $(LIB_ROOT)/$(LIBTHEORA) && $(CONFIGURE) \
cd $(LIB_ROOT)/$(LIBTHEORA) && \
CFLAGS="-fPIE" $(CONFIGURE) \
--with-ogg=$(EPREFIX) \
--disable-examples \
$(LIBTHEORA_HOST)
Expand Down Expand Up @@ -386,7 +393,8 @@ $(LIB_ROOT)/$(LIBVORBIS)/.tvh_build: \
$(LIB_ROOT)/$(YASM)/.tvh_build \
$(LIB_ROOT)/$(LIBOGG)/.tvh_build \
$(LIB_ROOT)/$(LIBVORBIS)/.tvh_download
cd $(LIB_ROOT)/$(LIBVORBIS) && $(CONFIGURE) \
cd $(LIB_ROOT)/$(LIBVORBIS) && \
CFLAGS="-fPIE" $(CONFIGURE) \
--with-ogg=$(EPREFIX)
DESTDIR=$(EBUILDIR) \
$(MAKE) -C $(LIB_ROOT)/$(LIBVORBIS) install
Expand Down Expand Up @@ -426,7 +434,8 @@ $(LIB_ROOT)/$(LIBFDKAAC)/.tvh_download:

$(LIB_ROOT)/$(LIBFDKAAC)/.tvh_build: \
$(LIB_ROOT)/$(LIBFDKAAC)/.tvh_download
cd $(LIB_ROOT)/$(LIBFDKAAC) && $(CONFIGURE)
cd $(LIB_ROOT)/$(LIBFDKAAC) && \
CXXFLAGS="-fPIE" CFLAGS="-fPIE" $(CONFIGURE)
DESTDIR=$(EBUILDIR) \
$(MAKE) -C $(LIB_ROOT)/$(LIBFDKAAC) install
@touch $@
Expand Down Expand Up @@ -479,7 +488,8 @@ $(LIB_ROOT)/$(LIBMFX)/.tvh_download:

$(LIB_ROOT)/$(LIBMFX)/.tvh_build: \
$(LIB_ROOT)/$(LIBMFX)/.tvh_download
cd $(LIB_ROOT)/$(LIBMFX) && autoreconf -i && $(CONFIGURE) \
cd $(LIB_ROOT)/$(LIBMFX) && autoreconf -i && \
CXXFLAGS="-fPIE" CFLAGS="-fPIE" $(CONFIGURE) \
--with-libva_x11 \
--with-libva_drm
DESTDIR=$(EBUILDIR) \
Expand Down
2 changes: 1 addition & 1 deletion Makefile.hdhomerun
View file
Expand Up @@ -63,7 +63,7 @@ export PATH := $(LIB_ROOT)/build/bin:$(PATH)
OBJS := $(foreach file,$(LIBSRCS),$(LIB_ROOT)/$(LIBHDHR)/$(basename $(file)).o)

$(LIB_ROOT)/$(LIBHDHR)/%.o: $(LIB_ROOT)/$(LIBHDHR)/%.c
$(CC) -MD -MP $(CFLAGS) -c -o $@ $<
$(CC) -MD -MP $(CFLAGS) -fPIE -c -o $@ $<

$(LIB_ROOT)/$(LIBHDHR)/libhdhomerun.a: $(OBJS)
$(AR) rcs $@ $^
Expand Down
33 changes: 33 additions & 0 deletions support/patches/libx265.pie.diff
View file
@@ -0,0 +1,33 @@
--- source/CMakeLists.txt.old 2016-05-03 14:34:37.168396127 +0200
+++ source/CMakeLists.txt 2016-05-03 14:35:35.551372285 +0200
@@ -100,7 +100,7 @@
endif(NO_ATOMICS)
endif(UNIX)

-if(X64 AND NOT WIN32)
+if(X64NONONO AND NOT WIN32)
option(ENABLE_PIC "Enable Position Independent Code" ON)
else()
option(ENABLE_PIC "Enable Position Independent Code" OFF)
@@ -166,6 +166,8 @@
add_definitions(-std=gnu++98)
if(ENABLE_PIC)
add_definitions(-fPIC)
+ else()
+ add_definitions(-fPIE)
endif(ENABLE_PIC)
if(NATIVE_BUILD)
if(INTEL_CXX)
--- source/cmake/CMakeASM_YASMInformation.cmake.old 2016-05-03 15:52:36.572122457 +0200
+++ source/cmake/CMakeASM_YASMInformation.cmake 2016-05-03 15:53:18.939438179 +0200
@@ -3,9 +3,7 @@

if(X64)
list(APPEND ASM_FLAGS -DARCH_X86_64=1)
- if(ENABLE_PIC)
- list(APPEND ASM_FLAGS -DPIC)
- endif()
+ list(APPEND ASM_FLAGS -DPIC)
if(APPLE)
set(ARGS -f macho64 -m amd64 -DPREFIX)
elseif(UNIX AND NOT CYGWIN)

0 comments on commit 9237d88

Please sign in to comment.