Merge pull request #7189 from arno01/hardenpostfix

postfix28 and postfix211: hardening with Canary, PIE, Full RELRO and FORTIFY_SOURCE
This commit is contained in:
Peter Simons 2015-04-06 16:19:37 +02:00
commit bed68ea21e
2 changed files with 4 additions and 3 deletions

View File

@ -33,8 +33,9 @@ stdenv.mkDerivation rec {
export sendmail_path=$out/bin/sendmail
make makefiles \
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' \
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl'
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \
-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now'
'';
installTargets = [ "non-interactive-package" ];

View File

@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
export sample_directory=$out/share/postfix/doc/samples
export readme_directory=$out/share/postfix/doc
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl'
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl -pie -Wl,-z,relro,-z,now'
'';
installPhase = ''