fixes

author: netblue30 <netblue30@yahoo.com> 2018-03-23 20:33:53 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-03-23 20:33:53 -0400
commit: 7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08 (patch)
tree: 9822d57fb2cf29937ba808d2c6cb0b814bbcf3f4
parent: support Spectre mitigation patch for gcc compiler (diff)
download: firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.tar.gz
firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.tar.zst
firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.zip
3 files changed, 7 insertions, 15 deletions
diff --git a/configure b/configure
index 80f66f8b3..0ccaad051 100755
--- a/configure
+++ b/configure
@@ -2100,7 +2100,6 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 #AC_CONFIG_HEADERS([config.h])
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -3106,7 +3105,6 @@ else
 fi
 HAVE_SPECTRE="no"
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc compiler" >&5
 $as_echo_n "checking for Spectre mitigation support in gcc compiler... " >&6; }
@@ -3121,7 +3119,7 @@ if test "$HAVE_SPECTRE" = "yes"; then :
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
-        EXTRA_CFLAGS+="-mindirect-branch=thunk"
+        EXTRA_CFLAGS+=" -mindirect-branch=thunk "
 fi
 if test "$HAVE_SPECTRE" = "no"; then :
@@ -3132,7 +3130,6 @@ $as_echo "... not available" >&6; }
 fi
 HAVE_APPARMOR=""
 # Check whether --enable-apparmor was given.
 if test "${enable_apparmor+set}" = set; then :
@@ -3147,7 +3144,6 @@ if test "x$enable_apparmor" = "xyes"; then :
 fi
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -3559,7 +3555,7 @@ fi
 fi
 if test "x$enable_apparmor" = "xyes"; then :
-        EXTRA_LDFLAGS+="-lapparmor "
+        EXTRA_LDFLAGS+=" -lapparmor "
 fi
@@ -3753,7 +3749,7 @@ fi
 if test "x$enable_gcov" = "xyes"; then :
        HAVE_GCOV="--coverage -DHAVE_GCOV "
-        EXTRA_LDFLAGS+="-lgcov --coverage "
+        EXTRA_LDFLAGS+=" -lgcov --coverage "
 fi
diff --git a/configure.ac b/configure.ac
index d6d4eb874..9a7a9d65e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,13 +3,11 @@ AC_INIT(firejail, 0.9.53, netblue30@yahoo.com, , http://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 AC_PROG_CC
 #AC_PROG_CXX
 AC_PROG_INSTALL
 AC_PROG_RANLIB
 HAVE_SPECTRE="no"
 AC_MSG_CHECKING(for Spectre mitigation support in gcc compiler)
 AS_IF([test "$CC" = "gcc"], [
@@ -19,14 +17,13 @@ AS_IF([test "$CC" = "gcc"], [
 ])
 AS_IF([test "$HAVE_SPECTRE" = "yes"], [
        AC_MSG_RESULT(yes)
-        EXTRA_CFLAGS+="-mindirect-branch=thunk"
+        EXTRA_CFLAGS+=" -mindirect-branch=thunk "
 ])
 AS_IF([test "$HAVE_SPECTRE" = "no"], [
        AC_MSG_RESULT(... not available)
 ])
 AC_SUBST([EXTRA_CFLAGS])
 HAVE_APPARMOR=""
 AC_ARG_ENABLE([apparmor],
    AS_HELP_STRING([--enable-apparmor], [enable apparmor]))
@@ -35,13 +32,12 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [
        AC_SUBST(HAVE_APPARMOR)
 ])
 AS_IF([test "x$enable_apparmor" = "xyes"], [
        AC_CHECK_HEADER(sys/apparmor.h, , [AC_MSG_ERROR(
        [Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )])
 ])
 AS_IF([test "x$enable_apparmor" = "xyes"], [
-        EXTRA_LDFLAGS+="-lapparmor "
+        EXTRA_LDFLAGS+=" -lapparmor "
 ])
 AC_SUBST([EXTRA_LDFLAGS])
@@ -160,7 +156,7 @@ AC_ARG_ENABLE([gcov],
    AS_HELP_STRING([--enable-gcov], [Gcov instrumentation]))
 AS_IF([test "x$enable_gcov" = "xyes"], [
        HAVE_GCOV="--coverage -DHAVE_GCOV "
-        EXTRA_LDFLAGS+="-lgcov --coverage "
+        EXTRA_LDFLAGS+=" -lgcov --coverage "
        AC_SUBST(HAVE_GCOV)
 ])
diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c
index e3b53c44c..faf59aa35 100644
--- a/src/fsec-print/print.c
+++ b/src/fsec-print/print.c
@@ -269,7 +269,7 @@ static void bpf_decode_args(const struct sock_filter *bpf, unsigned int line) {
                                 native_arch = (ARCH_NR == ARCH_64)? 1: 0;
                        }
                        else if (bpf->k == X32_SYSCALL_BIT)
-                                printf("X32_ABI true:%.4x (false %.4x)",
+                                printf("X32_ABI %.4x (false %.4x)",
                                       (line + 1) + bpf->jt,
                                       (line + 1) + bpf->jf);
                        else if (name)
author	netblue30 <netblue30@yahoo.com>	2018-03-23 20:33:53 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-03-23 20:33:53 -0400
commit	7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08 (patch)
tree	9822d57fb2cf29937ba808d2c6cb0b814bbcf3f4
parent	support Spectre mitigation patch for gcc compiler (diff)
download	firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.tar.gz firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.tar.zst firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.zip

diff --git a/configure b/configure index 80f66f8b3..0ccaad051 100755 --- a/configure +++ b/configure
@@ -2100,7 +2100,6 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
2100		2100
2101	#AC_CONFIG_HEADERS([config.h])	2101	#AC_CONFIG_HEADERS([config.h])
2102		2102
2103
2104	ac_ext=c	2103	ac_ext=c
2105	ac_cpp='$CPP $CPPFLAGS'	2104	ac_cpp='$CPP $CPPFLAGS'
2106	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'	2105	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -3106,7 +3105,6 @@ else
3106	fi	3105	fi
3107		3106
3108		3107
3109
3110	HAVE_SPECTRE="no"	3108	HAVE_SPECTRE="no"
3111	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc compiler" >&5	3109	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc compiler" >&5
3112	$as_echo_n "checking for Spectre mitigation support in gcc compiler... " >&6; }	3110	$as_echo_n "checking for Spectre mitigation support in gcc compiler... " >&6; }
@@ -3121,7 +3119,7 @@ if test "$HAVE_SPECTRE" = "yes"; then :
3121		3119
3122	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5	3120	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3123	$as_echo "yes" >&6; }	3121	$as_echo "yes" >&6; }
3124	EXTRA_CFLAGS+="-mindirect-branch=thunk"	3122	EXTRA_CFLAGS+=" -mindirect-branch=thunk "
3125		3123
3126	fi	3124	fi
3127	if test "$HAVE_SPECTRE" = "no"; then :	3125	if test "$HAVE_SPECTRE" = "no"; then :
@@ -3132,7 +3130,6 @@ $as_echo "... not available" >&6; }
3132	fi	3130	fi
3133		3131
3134		3132
3135
3136	HAVE_APPARMOR=""	3133	HAVE_APPARMOR=""
3137	# Check whether --enable-apparmor was given.	3134	# Check whether --enable-apparmor was given.
3138	if test "${enable_apparmor+set}" = set; then :	3135	if test "${enable_apparmor+set}" = set; then :
@@ -3147,7 +3144,6 @@ if test "x$enable_apparmor" = "xyes"; then :
3147	fi	3144	fi
3148		3145
3149		3146
3150
3151	ac_ext=c	3147	ac_ext=c
3152	ac_cpp='$CPP $CPPFLAGS'	3148	ac_cpp='$CPP $CPPFLAGS'
3153	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'	3149	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -3559,7 +3555,7 @@ fi
3559	fi	3555	fi
3560	if test "x$enable_apparmor" = "xyes"; then :	3556	if test "x$enable_apparmor" = "xyes"; then :
3561		3557
3562	EXTRA_LDFLAGS+="-lapparmor "	3558	EXTRA_LDFLAGS+=" -lapparmor "
3563		3559
3564	fi	3560	fi
3565		3561
@@ -3753,7 +3749,7 @@ fi
3753	if test "x$enable_gcov" = "xyes"; then :	3749	if test "x$enable_gcov" = "xyes"; then :
3754		3750
3755	HAVE_GCOV="--coverage -DHAVE_GCOV "	3751	HAVE_GCOV="--coverage -DHAVE_GCOV "
3756	EXTRA_LDFLAGS+="-lgcov --coverage "	3752	EXTRA_LDFLAGS+=" -lgcov --coverage "
3757		3753
3758		3754
3759	fi	3755	fi


diff --git a/configure.ac b/configure.ac index d6d4eb874..9a7a9d65e 100644 --- a/configure.ac +++ b/configure.ac
@@ -3,13 +3,11 @@ AC_INIT(firejail, 0.9.53, netblue30@yahoo.com, , http://firejail.wordpress.com)
3	AC_CONFIG_SRCDIR([src/firejail/main.c])	3	AC_CONFIG_SRCDIR([src/firejail/main.c])
4	#AC_CONFIG_HEADERS([config.h])	4	#AC_CONFIG_HEADERS([config.h])
5		5
6
7	AC_PROG_CC	6	AC_PROG_CC
8	#AC_PROG_CXX	7	#AC_PROG_CXX
9	AC_PROG_INSTALL	8	AC_PROG_INSTALL
10	AC_PROG_RANLIB	9	AC_PROG_RANLIB
11		10
12
13	HAVE_SPECTRE="no"	11	HAVE_SPECTRE="no"
14	AC_MSG_CHECKING(for Spectre mitigation support in gcc compiler)	12	AC_MSG_CHECKING(for Spectre mitigation support in gcc compiler)
15	AS_IF([test "$CC" = "gcc"], [	13	AS_IF([test "$CC" = "gcc"], [
@@ -19,14 +17,13 @@ AS_IF([test "$CC" = "gcc"], [
19	])	17	])
20	AS_IF([test "$HAVE_SPECTRE" = "yes"], [	18	AS_IF([test "$HAVE_SPECTRE" = "yes"], [
21	AC_MSG_RESULT(yes)	19	AC_MSG_RESULT(yes)
22	EXTRA_CFLAGS+="-mindirect-branch=thunk"	20	EXTRA_CFLAGS+=" -mindirect-branch=thunk "
23	])	21	])
24	AS_IF([test "$HAVE_SPECTRE" = "no"], [	22	AS_IF([test "$HAVE_SPECTRE" = "no"], [
25	AC_MSG_RESULT(... not available)	23	AC_MSG_RESULT(... not available)
26	])	24	])
27	AC_SUBST([EXTRA_CFLAGS])	25	AC_SUBST([EXTRA_CFLAGS])
28		26
29
30	HAVE_APPARMOR=""	27	HAVE_APPARMOR=""
31	AC_ARG_ENABLE([apparmor],	28	AC_ARG_ENABLE([apparmor],
32	AS_HELP_STRING([--enable-apparmor], [enable apparmor]))	29	AS_HELP_STRING([--enable-apparmor], [enable apparmor]))
@@ -35,13 +32,12 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [
35	AC_SUBST(HAVE_APPARMOR)	32	AC_SUBST(HAVE_APPARMOR)
36	])	33	])
37		34
38
39	AS_IF([test "x$enable_apparmor" = "xyes"], [	35	AS_IF([test "x$enable_apparmor" = "xyes"], [
40	AC_CHECK_HEADER(sys/apparmor.h, , [AC_MSG_ERROR(	36	AC_CHECK_HEADER(sys/apparmor.h, , [AC_MSG_ERROR(
41	[Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )])	37	[Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )])
42	])	38	])
43	AS_IF([test "x$enable_apparmor" = "xyes"], [	39	AS_IF([test "x$enable_apparmor" = "xyes"], [
44	EXTRA_LDFLAGS+="-lapparmor "	40	EXTRA_LDFLAGS+=" -lapparmor "
45	])	41	])
46	AC_SUBST([EXTRA_LDFLAGS])	42	AC_SUBST([EXTRA_LDFLAGS])
47		43
@@ -160,7 +156,7 @@ AC_ARG_ENABLE([gcov],
160	AS_HELP_STRING([--enable-gcov], [Gcov instrumentation]))	156	AS_HELP_STRING([--enable-gcov], [Gcov instrumentation]))
161	AS_IF([test "x$enable_gcov" = "xyes"], [	157	AS_IF([test "x$enable_gcov" = "xyes"], [
162	HAVE_GCOV="--coverage -DHAVE_GCOV "	158	HAVE_GCOV="--coverage -DHAVE_GCOV "
163	EXTRA_LDFLAGS+="-lgcov --coverage "	159	EXTRA_LDFLAGS+=" -lgcov --coverage "
164	AC_SUBST(HAVE_GCOV)	160	AC_SUBST(HAVE_GCOV)
165	])	161	])
166		162


diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c index e3b53c44c..faf59aa35 100644 --- a/src/fsec-print/print.c +++ b/src/fsec-print/print.c
@@ -269,7 +269,7 @@ static void bpf_decode_args(const struct sock_filter *bpf, unsigned int line) {
269	native_arch = (ARCH_NR == ARCH_64)? 1: 0;	269	native_arch = (ARCH_NR == ARCH_64)? 1: 0;
270	}	270	}
271	else if (bpf->k == X32_SYSCALL_BIT)	271	else if (bpf->k == X32_SYSCALL_BIT)
272	printf("X32_ABI true:%.4x (false %.4x)",	272	printf("X32_ABI %.4x (false %.4x)",
273	(line + 1) + bpf->jt,	273	(line + 1) + bpf->jt,
274	(line + 1) + bpf->jf);	274	(line + 1) + bpf->jf);
275	else if (name)	275	else if (name)