diff options
author | netblue30 <netblue30@yahoo.com> | 2018-03-23 20:33:53 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-03-23 20:33:53 -0400 |
commit | 7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08 (patch) | |
tree | 9822d57fb2cf29937ba808d2c6cb0b814bbcf3f4 | |
parent | support Spectre mitigation patch for gcc compiler (diff) | |
download | firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.tar.gz firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.tar.zst firejail-7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08.zip |
fixes
-rwxr-xr-x | configure | 10 | ||||
-rw-r--r-- | configure.ac | 10 | ||||
-rw-r--r-- | src/fsec-print/print.c | 2 |
3 files changed, 7 insertions, 15 deletions
@@ -2100,7 +2100,6 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu | |||
2100 | 2100 | ||
2101 | #AC_CONFIG_HEADERS([config.h]) | 2101 | #AC_CONFIG_HEADERS([config.h]) |
2102 | 2102 | ||
2103 | |||
2104 | ac_ext=c | 2103 | ac_ext=c |
2105 | ac_cpp='$CPP $CPPFLAGS' | 2104 | ac_cpp='$CPP $CPPFLAGS' |
2106 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | 2105 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' |
@@ -3106,7 +3105,6 @@ else | |||
3106 | fi | 3105 | fi |
3107 | 3106 | ||
3108 | 3107 | ||
3109 | |||
3110 | HAVE_SPECTRE="no" | 3108 | HAVE_SPECTRE="no" |
3111 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc compiler" >&5 | 3109 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc compiler" >&5 |
3112 | $as_echo_n "checking for Spectre mitigation support in gcc compiler... " >&6; } | 3110 | $as_echo_n "checking for Spectre mitigation support in gcc compiler... " >&6; } |
@@ -3121,7 +3119,7 @@ if test "$HAVE_SPECTRE" = "yes"; then : | |||
3121 | 3119 | ||
3122 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 3120 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 |
3123 | $as_echo "yes" >&6; } | 3121 | $as_echo "yes" >&6; } |
3124 | EXTRA_CFLAGS+="-mindirect-branch=thunk" | 3122 | EXTRA_CFLAGS+=" -mindirect-branch=thunk " |
3125 | 3123 | ||
3126 | fi | 3124 | fi |
3127 | if test "$HAVE_SPECTRE" = "no"; then : | 3125 | if test "$HAVE_SPECTRE" = "no"; then : |
@@ -3132,7 +3130,6 @@ $as_echo "... not available" >&6; } | |||
3132 | fi | 3130 | fi |
3133 | 3131 | ||
3134 | 3132 | ||
3135 | |||
3136 | HAVE_APPARMOR="" | 3133 | HAVE_APPARMOR="" |
3137 | # Check whether --enable-apparmor was given. | 3134 | # Check whether --enable-apparmor was given. |
3138 | if test "${enable_apparmor+set}" = set; then : | 3135 | if test "${enable_apparmor+set}" = set; then : |
@@ -3147,7 +3144,6 @@ if test "x$enable_apparmor" = "xyes"; then : | |||
3147 | fi | 3144 | fi |
3148 | 3145 | ||
3149 | 3146 | ||
3150 | |||
3151 | ac_ext=c | 3147 | ac_ext=c |
3152 | ac_cpp='$CPP $CPPFLAGS' | 3148 | ac_cpp='$CPP $CPPFLAGS' |
3153 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | 3149 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' |
@@ -3559,7 +3555,7 @@ fi | |||
3559 | fi | 3555 | fi |
3560 | if test "x$enable_apparmor" = "xyes"; then : | 3556 | if test "x$enable_apparmor" = "xyes"; then : |
3561 | 3557 | ||
3562 | EXTRA_LDFLAGS+="-lapparmor " | 3558 | EXTRA_LDFLAGS+=" -lapparmor " |
3563 | 3559 | ||
3564 | fi | 3560 | fi |
3565 | 3561 | ||
@@ -3753,7 +3749,7 @@ fi | |||
3753 | if test "x$enable_gcov" = "xyes"; then : | 3749 | if test "x$enable_gcov" = "xyes"; then : |
3754 | 3750 | ||
3755 | HAVE_GCOV="--coverage -DHAVE_GCOV " | 3751 | HAVE_GCOV="--coverage -DHAVE_GCOV " |
3756 | EXTRA_LDFLAGS+="-lgcov --coverage " | 3752 | EXTRA_LDFLAGS+=" -lgcov --coverage " |
3757 | 3753 | ||
3758 | 3754 | ||
3759 | fi | 3755 | fi |
diff --git a/configure.ac b/configure.ac index d6d4eb874..9a7a9d65e 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -3,13 +3,11 @@ AC_INIT(firejail, 0.9.53, netblue30@yahoo.com, , http://firejail.wordpress.com) | |||
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
6 | |||
7 | AC_PROG_CC | 6 | AC_PROG_CC |
8 | #AC_PROG_CXX | 7 | #AC_PROG_CXX |
9 | AC_PROG_INSTALL | 8 | AC_PROG_INSTALL |
10 | AC_PROG_RANLIB | 9 | AC_PROG_RANLIB |
11 | 10 | ||
12 | |||
13 | HAVE_SPECTRE="no" | 11 | HAVE_SPECTRE="no" |
14 | AC_MSG_CHECKING(for Spectre mitigation support in gcc compiler) | 12 | AC_MSG_CHECKING(for Spectre mitigation support in gcc compiler) |
15 | AS_IF([test "$CC" = "gcc"], [ | 13 | AS_IF([test "$CC" = "gcc"], [ |
@@ -19,14 +17,13 @@ AS_IF([test "$CC" = "gcc"], [ | |||
19 | ]) | 17 | ]) |
20 | AS_IF([test "$HAVE_SPECTRE" = "yes"], [ | 18 | AS_IF([test "$HAVE_SPECTRE" = "yes"], [ |
21 | AC_MSG_RESULT(yes) | 19 | AC_MSG_RESULT(yes) |
22 | EXTRA_CFLAGS+="-mindirect-branch=thunk" | 20 | EXTRA_CFLAGS+=" -mindirect-branch=thunk " |
23 | ]) | 21 | ]) |
24 | AS_IF([test "$HAVE_SPECTRE" = "no"], [ | 22 | AS_IF([test "$HAVE_SPECTRE" = "no"], [ |
25 | AC_MSG_RESULT(... not available) | 23 | AC_MSG_RESULT(... not available) |
26 | ]) | 24 | ]) |
27 | AC_SUBST([EXTRA_CFLAGS]) | 25 | AC_SUBST([EXTRA_CFLAGS]) |
28 | 26 | ||
29 | |||
30 | HAVE_APPARMOR="" | 27 | HAVE_APPARMOR="" |
31 | AC_ARG_ENABLE([apparmor], | 28 | AC_ARG_ENABLE([apparmor], |
32 | AS_HELP_STRING([--enable-apparmor], [enable apparmor])) | 29 | AS_HELP_STRING([--enable-apparmor], [enable apparmor])) |
@@ -35,13 +32,12 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [ | |||
35 | AC_SUBST(HAVE_APPARMOR) | 32 | AC_SUBST(HAVE_APPARMOR) |
36 | ]) | 33 | ]) |
37 | 34 | ||
38 | |||
39 | AS_IF([test "x$enable_apparmor" = "xyes"], [ | 35 | AS_IF([test "x$enable_apparmor" = "xyes"], [ |
40 | AC_CHECK_HEADER(sys/apparmor.h, , [AC_MSG_ERROR( | 36 | AC_CHECK_HEADER(sys/apparmor.h, , [AC_MSG_ERROR( |
41 | [Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )]) | 37 | [Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )]) |
42 | ]) | 38 | ]) |
43 | AS_IF([test "x$enable_apparmor" = "xyes"], [ | 39 | AS_IF([test "x$enable_apparmor" = "xyes"], [ |
44 | EXTRA_LDFLAGS+="-lapparmor " | 40 | EXTRA_LDFLAGS+=" -lapparmor " |
45 | ]) | 41 | ]) |
46 | AC_SUBST([EXTRA_LDFLAGS]) | 42 | AC_SUBST([EXTRA_LDFLAGS]) |
47 | 43 | ||
@@ -160,7 +156,7 @@ AC_ARG_ENABLE([gcov], | |||
160 | AS_HELP_STRING([--enable-gcov], [Gcov instrumentation])) | 156 | AS_HELP_STRING([--enable-gcov], [Gcov instrumentation])) |
161 | AS_IF([test "x$enable_gcov" = "xyes"], [ | 157 | AS_IF([test "x$enable_gcov" = "xyes"], [ |
162 | HAVE_GCOV="--coverage -DHAVE_GCOV " | 158 | HAVE_GCOV="--coverage -DHAVE_GCOV " |
163 | EXTRA_LDFLAGS+="-lgcov --coverage " | 159 | EXTRA_LDFLAGS+=" -lgcov --coverage " |
164 | AC_SUBST(HAVE_GCOV) | 160 | AC_SUBST(HAVE_GCOV) |
165 | ]) | 161 | ]) |
166 | 162 | ||
diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c index e3b53c44c..faf59aa35 100644 --- a/src/fsec-print/print.c +++ b/src/fsec-print/print.c | |||
@@ -269,7 +269,7 @@ static void bpf_decode_args(const struct sock_filter *bpf, unsigned int line) { | |||
269 | native_arch = (ARCH_NR == ARCH_64)? 1: 0; | 269 | native_arch = (ARCH_NR == ARCH_64)? 1: 0; |
270 | } | 270 | } |
271 | else if (bpf->k == X32_SYSCALL_BIT) | 271 | else if (bpf->k == X32_SYSCALL_BIT) |
272 | printf("X32_ABI true:%.4x (false %.4x)", | 272 | printf("X32_ABI %.4x (false %.4x)", |
273 | (line + 1) + bpf->jt, | 273 | (line + 1) + bpf->jt, |
274 | (line + 1) + bpf->jf); | 274 | (line + 1) + bpf->jf); |
275 | else if (name) | 275 | else if (name) |