From 1cc4df96a9ed3e1e7cb39dfa0ced90d8995adc13 Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Mon, 15 Sep 2025 10:50:22 +0800 Subject: [PATCH] Add some stack-protector (cherry picked from commit f81fe2b7ea6c7a4f1f138d0e2a288e836882c7d0) --- valgrind-3.16.0-some-Wl-z-now.patch | 24 ++--- valgrind-3.16.0-some-stack-protector.patch | 105 +++++++++++++++++++++ valgrind.spec | 21 ++++- 3 files changed, 133 insertions(+), 17 deletions(-) create mode 100644 valgrind-3.16.0-some-stack-protector.patch diff --git a/valgrind-3.16.0-some-Wl-z-now.patch b/valgrind-3.16.0-some-Wl-z-now.patch index f41c4a9..f6001d2 100644 --- a/valgrind-3.16.0-some-Wl-z-now.patch +++ b/valgrind-3.16.0-some-Wl-z-now.patch @@ -5,30 +5,30 @@ Date: Fri May 24 18:24:56 2019 +0200 Add -Wl,-z,now to some binaries. diff --git a/auxprogs/Makefile.am b/auxprogs/Makefile.am -index 9cec4f2..1c1ab98 100644 +index 1b7842b..e211eec 100644 --- a/auxprogs/Makefile.am 
+++ b/auxprogs/Makefile.am -@@ -35,7 +35,7 @@ valgrind_listener_SOURCES = valgrind-listener.c +@@ -32,7 +32,7 @@ valgrind_listener_SOURCES = valgrind-listener.c valgrind_listener_CPPFLAGS = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind - valgrind_listener_CFLAGS = $(AM_CFLAGS_PRI) + valgrind_listener_CFLAGS = $(AM_CFLAGS_PRI) -fstack-protector-strong valgrind_listener_CCASFLAGS = $(AM_CCASFLAGS_PRI) -valgrind_listener_LDFLAGS = $(AM_CFLAGS_PRI) +valgrind_listener_LDFLAGS = $(AM_CFLAGS_PRI) -Wl,-z,now if VGCONF_PLATVARIANT_IS_ANDROID valgrind_listener_CFLAGS += -static endif -@@ -54,7 +54,7 @@ valgrind_di_server_SOURCES = valgrind-di-server.c +@@ -51,7 +51,7 @@ valgrind_di_server_SOURCES = valgrind-di-server.c valgrind_di_server_CPPFLAGS = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind - valgrind_di_server_CFLAGS = $(AM_CFLAGS_PRI) + valgrind_di_server_CFLAGS = $(AM_CFLAGS_PRI) -fstack-protector-strong valgrind_di_server_CCASFLAGS = $(AM_CCASFLAGS_PRI) -valgrind_di_server_LDFLAGS = $(AM_CFLAGS_PRI) +valgrind_di_server_LDFLAGS = $(AM_CFLAGS_PRI) -Wl,-z,now if VGCONF_PLATVARIANT_IS_ANDROID valgrind_di_server_CFLAGS += -static endif -@@ -89,7 +89,7 @@ getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_SOURCES = getoff.c +@@ -86,7 +86,7 @@ getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_SOURCES = getoff.c getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CPPFLAGS = $(AM_CPPFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) - getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) + getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) -fstack-protector-strong getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CCASFLAGS = $(AM_CCASFLAGS_PRI) -getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ +getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ -Wl,-z,now @@ -36,21 +36,21 @@ index 9cec4f2..1c1ab98 100644 getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDADD = $(LDADD) -ldl endif 
diff --git a/coregrind/Makefile.am b/coregrind/Makefile.am -index 9251ced..b59d687 100644 +index 3c73210..fb6b7bb 100644 --- a/coregrind/Makefile.am +++ b/coregrind/Makefile.am -@@ -62,7 +62,7 @@ RANLIB = ${LTO_RANLIB} +@@ -57,7 +57,7 @@ RANLIB = ${LTO_RANLIB} valgrind_CPPFLAGS = $(AM_CPPFLAGS_PRI) - valgrind_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) + valgrind_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong valgrind_CCASFLAGS = $(AM_CCASFLAGS_PRI) -valgrind_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ +valgrind_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ -Wl,-z,now # If there is no secondary platform, and the platforms include x86-darwin, # then the primary platform must be x86-darwin. Hence: if ! VGCONF_HAVE_PLATFORM_SEC -@@ -104,7 +104,7 @@ endif +@@ -104,7 +104,7 @@ vgdb_CPPFLAGS = $(AM_CPPFLAGS_PRI) $(GDB_SCRIPTS_DIR) - vgdb_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) + vgdb_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong vgdb_CCASFLAGS = $(AM_CCASFLAGS_PRI) -vgdb_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ +vgdb_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ -Wl,-z,now diff --git a/valgrind-3.16.0-some-stack-protector.patch b/valgrind-3.16.0-some-stack-protector.patch new file mode 100644 index 0000000..751cf39 --- /dev/null +++ b/valgrind-3.16.0-some-stack-protector.patch 
@@ -0,0 +1,105 @@ +commit b73fb7a614e1b5d60af23fb0752b5cead995e02e +Author: Mark Wielaard +Date: Sun Apr 14 00:30:05 2019 +0200 + + Remove no-stack-protector, add stack-protector-strong to some. + +diff --git a/auxprogs/Makefile.am b/auxprogs/Makefile.am +index 56cc5ef..1b7842b 100644 +--- a/auxprogs/Makefile.am ++++ b/auxprogs/Makefile.am +@@ -30,7 +30,7 @@ bin_PROGRAMS = valgrind-listener valgrind-di-server + + valgrind_listener_SOURCES = valgrind-listener.c + valgrind_listener_CPPFLAGS = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind +-valgrind_listener_CFLAGS = $(AM_CFLAGS_PRI) ++valgrind_listener_CFLAGS = $(AM_CFLAGS_PRI) -fstack-protector-strong + valgrind_listener_CCASFLAGS = $(AM_CCASFLAGS_PRI) + valgrind_listener_LDFLAGS = $(AM_CFLAGS_PRI) + if VGCONF_PLATVARIANT_IS_ANDROID +@@ -49,7 +49,7 @@ endif + + valgrind_di_server_SOURCES = valgrind-di-server.c + valgrind_di_server_CPPFLAGS = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind +-valgrind_di_server_CFLAGS = $(AM_CFLAGS_PRI) ++valgrind_di_server_CFLAGS = $(AM_CFLAGS_PRI) -fstack-protector-strong + valgrind_di_server_CCASFLAGS = $(AM_CCASFLAGS_PRI) + valgrind_di_server_LDFLAGS = $(AM_CFLAGS_PRI) + if VGCONF_PLATVARIANT_IS_ANDROID +@@ -84,7 +84,7 @@ endif + + getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_SOURCES = getoff.c + getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CPPFLAGS = $(AM_CPPFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) +-getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) ++getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) -fstack-protector-strong + getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CCASFLAGS = $(AM_CCASFLAGS_PRI) + getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ + if HAVE_DLINFO_RTLD_DI_TLS_MODID +diff --git a/configure.ac b/configure.ac +index f8c798b..ccc8f52 100755 +--- a/configure.ac ++++ b/configure.ac +@@ -2352,24 +2352,24 @@ + AM_CONDITIONAL([HAVE_ALIGNED_CXX_ALLOC], [test x$ac_have_aligned_cxx_alloc = xyes]) + + # does 
this compiler support -fno-stack-protector ? +-AC_MSG_CHECKING([if gcc accepts -fno-stack-protector]) +- +-safe_CFLAGS=$CFLAGS +-CFLAGS="-fno-stack-protector -Werror" +- +-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ +- return 0; +-]])], [ +-no_stack_protector=yes +-FLAG_FNO_STACK_PROTECTOR="-fno-stack-protector" +-AC_MSG_RESULT([yes]) +-], [ +-no_stack_protector=no ++#AC_MSG_CHECKING([if gcc accepts -fno-stack-protector]) ++# ++#safe_CFLAGS=$CFLAGS ++#CFLAGS="-fno-stack-protector -Werror" ++# ++#AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ ++# return 0; ++#]])], [ ++#no_stack_protector=yes ++#FLAG_FNO_STACK_PROTECTOR="-fno-stack-protector" ++#AC_MSG_RESULT([yes]) ++#], [ ++#no_stack_protector=no + FLAG_FNO_STACK_PROTECTOR="" +-AC_MSG_RESULT([no]) +-]) +-CFLAGS=$safe_CFLAGS +- ++#AC_MSG_RESULT([no]) ++#]) ++#CFLAGS=$safe_CFLAGS ++# + AC_SUBST(FLAG_FNO_STACK_PROTECTOR) + + # does this compiler support -finline-functions ? +diff --git a/coregrind/Makefile.am b/coregrind/Makefile.am +index 94030fd..3c73210 100644 +--- a/coregrind/Makefile.am ++++ b/coregrind/Makefile.am +@@ -55,7 +55,7 @@ AR = ${LTO_AR} + RANLIB = ${LTO_RANLIB} + + valgrind_CPPFLAGS = $(AM_CPPFLAGS_PRI) +-valgrind_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) ++valgrind_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong + valgrind_CCASFLAGS = $(AM_CCASFLAGS_PRI) + valgrind_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ + # If there is no secondary platform, and the platforms include x86-darwin, +@@ -102,7 +102,7 @@ + endif + + vgdb_CPPFLAGS = $(AM_CPPFLAGS_PRI) $(GDB_SCRIPTS_DIR) +-vgdb_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) ++vgdb_CFLAGS = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong + vgdb_CCASFLAGS = $(AM_CCASFLAGS_PRI) + vgdb_LDFLAGS = $(AM_CFLAGS_PRI) @LIB_UBSAN@ + if VGCONF_PLATVARIANT_IS_ANDROID diff --git a/valgrind.spec b/valgrind.spec index 37132ce..2f8bf14 100644 --- a/valgrind.spec +++ b/valgrind.spec 
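Review bot: In the configure.ac part of the added patch, the probe for `-fno-stack-protector` is commented out while `FLAG_FNO_STACK_PROTECTOR=""` and its `AC_SUBST` stay live, so every consumer of that substitution now receives an empty string and nothing in the build turns the protector off any more. Only the five programs touched in the Makefile.am hunks (valgrind, vgdb, valgrind-listener, valgrind-di-server, getoff) opt in with `-fstack-protector-strong`; whether all other objects stay uninstrumented then depends entirely on the flags the spec passes in, and a compiler that enables the protector by default would presumably change that without any visible diff. I would delete the dead probe rather than comment it out, and replace the now misleading header comment with something like `# -fno-stack-protector is intentionally never set; selected programs add -fstack-protector-strong in their Makefile.am`. The added flag is also used without a compiler-support probe, unlike the check it replaces, which is probably fine for the distribution toolchain but deserves a line in the patch description.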
@@ -29,7 +29,7 @@ Name: valgrind Version: 3.25.1 -Release: 3 +Release: 4 Epoch: 1 Summary: An instrumentation framework for building dynamic analysis tools License: GPL-2.0-or-later @@ -41,7 +41,10 @@ Patch2: valgrind-3.9.0-ldso-supp.patch Patch3: Add-AArch64-clang-longjmp-support.patch # Add LOONGARCH64 support Patch4: Add-LOONGARCH64-Linux-support.patch -Patch5: valgrind-3.16.0-some-Wl-z-now.patch +# # Add some stack-protector +Patch5: valgrind-3.16.0-some-stack-protector.patch +# Add some -Wl,z,now. +Patch6: valgrind-3.16.0-some-Wl-z-now.patch BuildRequires: glibc glibc-devel gdb procps gcc-c++ perl(Getopt::Long) BuildRequires: automake autoconf @@ -76,14 +79,19 @@ ar r shared/libgcc/libgcc_s_32.a CC="%{__cc} -B `pwd`/shared/libgcc/" %endif -%undefine _hardened_build %undefine _strict_symbol_defs_build optflags="`echo " %{optflags} -fPIE -fPIC"`" -OPTFLAGS="`echo " $optflags " | sed 's/ -m\(64\|3[21]\) / /g;s/ -fexceptions / /g;s/ -fstack-protector\([-a-z]*\) / / g;s/ -Wp,-D_FORTIFY_SOURCE=2 / /g;s/ -O2 / /g;s/ -mcpu=\([a-z0-9]\+\) / /g;s/^ //;s/ $//'`" +%ifarch ppc64 +CFLAGS="`echo " %{optflags} " | sed 's/ -fstack-protector\([-a-z]*\) / / g;s/ -O2 / /g;s/ -fexceptions / /g;'`" +%else +CFLAGS="`echo " %{optflags} " | sed 's/ -fstack-protector\([-a-z]*\) / / g;s/ -O2 / /g;'`" +%endif +export CFLAGS LDFLAGS="`echo " %{build_ldflags} " | sed 's/ -Wl,-z,now / / g;'`" +export LDFLAGS -%configure CC="$CC" CFLAGS="$OPTFLAGS" CXXFLAGS="$OPTFLAGS" LDFLAGS="$LDFLAGS" --with-mpicc=/bin/false GDB=%{_bindir}/gdb --enable-lto +%configure CC="$CC" --with-mpicc=/bin/false GDB=%{_bindir}/gdb --enable-lto %make_build %install @@ -116,6 +124,9 @@ popd %{_mandir}/man1/* %changelog +* Tue Sep 16 2025 yaoxin <1024769339@qq.com> - 1:3.25.1-4 +- Add some stack-protector + * Wed Aug 27 2025 Funda Wang - 1:3.25.1-3 - add some -Wl,z,now -- Gitee
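Review bot: In the %build hunk the new `CFLAGS=` lines read `%{optflags}` directly, so the context line `optflags="... -fPIE -fPIC"` just above them becomes a dead assignment and those two flags no longer reach configure from here; either derive CFLAGS from `" $optflags "` or drop the unused line. The same rewrite removes the explicit `CXXFLAGS="$OPTFLAGS"` argument and exports only CFLAGS and LDFLAGS, so C++ sources are presumably built with whatever `%configure` defaults to, without the `-fstack-protector*` and `-O2` filtering applied to C; if that is not intended, add `CXXFLAGS="$CFLAGS"` and `export CFLAGS CXXFLAGS`. The old sed also removed `-Wp,-D_FORTIFY_SOURCE=2`, `-m64`/`-m32`/`-m31` and `-mcpu=...`, and stripped `-fexceptions` on every architecture; all of these now pass through (`-fexceptions` is still stripped on ppc64 only), on top of `_hardened_build` no longer being undefined. A short comment above the block stating which hardening flags are meant to reach which binaries, and why `-Wl,-z,now` is still filtered from LDFLAGS, would make the intended end state checkable. %build starts before this hunk, so earlier lines may affect the above.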