--- a/components/a2ps/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/a2ps/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -61,6 +61,9 @@
ln -s $$sheet ; \
done)
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
# common targets
build: $(BUILD_32)
--- a/components/autogen/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/autogen/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -46,6 +46,9 @@
# strip the environment or install target fails
ENV += -i
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
# common targets
build: $(BUILD_32)
--- a/components/bind/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/bind/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -70,6 +70,9 @@
# Configure will add "-mt" to CC which is already set in CFLAGS, so override.
CONFIGURE_OPTIONS += CC="$(CC)"
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
.PHONY: build
build: $(BUILD_32)
--- a/components/bison/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/bison/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -45,6 +45,9 @@
CONFIGURE_OPTIONS += --infodir=$(CONFIGURE_INFODIR)
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
$(INSTALL_32): $(INSTALL_64)
# common targets
--- a/components/bzip2/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/bzip2/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -40,6 +40,9 @@
include ../../make-rules/ips.mk
include ../../make-rules/lint-libraries.mk
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
LINT_FLAGS += -I.
# we need to enable large file support and build PIC for our shared libraries
--- a/components/clisp/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/clisp/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -65,6 +65,8 @@
CONFIGURE_OPTIONS += --with-libsigsegv-prefix=$(CONFIGURE_PREFIX)
CONFIGURE_OPTIONS += --with-libreadline-prefix=$(CONFIGURE_PREFIX)
+# For now keep ASLR disabled for clisp (the default); build may core dump with ASLR
+
# Prevent clisp.ps and clisp.pdf having different versions for SPARC
# and x86 in the clisp package, because of embedded dates.
TIME_CONSTANT = 1348000000
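Review bot: The clisp hunk records the decision to keep ASLR off only as a comment, so nothing in this Makefile pins the setting; it relies on the `ASLR_MODE = $(ASLR_DISABLE)` default in make-rules/shared-macros.mk staying as it is. If that default is ever flipped, clisp would silently start linking with ASLR and hit the core dumps the comment warns about. Adding `ASLR_MODE = $(ASLR_DISABLE)` under the comment makes the exception explicit and survives a change of default. The same applies to the comment-only hunks in components/emacs/Makefile and components/gcc45/Makefile. A reference to wherever the core dumps are tracked would also help whoever revisits these exceptions.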
--- a/components/coreutils/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/coreutils/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -42,6 +42,9 @@
CONFIGURE_OPTIONS += CPPFLAGS=-I/usr/include/gmp
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
# common targets
build: $(BUILD_32)
--- a/components/cvs/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/cvs/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -41,6 +41,9 @@
CONFIGURE_OPTIONS += --with-external-zlib
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
# "check" is not working yet. It's asking for a password.
COMPONENT_TEST_ENV += PATH=$(GNUBIN):$(PATH)
COMPONENT_TEST_TARGETS = localcheck
--- a/components/emacs/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/emacs/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -80,6 +80,9 @@
CONFIGURE_OPTIONS += --with-gif=no
CONFIGURE_OPTIONS += ac_cv_sys_long_file_names=yes
+# ASLR should remain disabled for emacs (the default);
+# build consistently core dumps with ASLR
+
# variant specific configure options
$(BUILD_DIR)/%-nox/.configured: CONFIGURE_OPTIONS += --without-x
$(BUILD_DIR)/%-x/.configured: CONFIGURE_OPTIONS += --with-x-toolkit=lucid
--- a/components/gcc45/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/gcc45/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -70,6 +70,8 @@
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+# Keep ASLR disabled (the default) for gcc 4.5; build often core dumps with ASLR
+
COMPONENT_BUILD_ENV += SHELL=$(CONFIG_SHELL)
COMPONENT_BUILD_TARGETS=bootstrap
--- a/components/lighttpd/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/lighttpd/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -60,6 +60,9 @@
CONFIGURE_OPTIONS += --with-mysql=/usr/mysql/bin/mysql_config
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+# Enable ASLR for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
# common targets
build: $(BUILD_32)
--- a/components/tcl/expect/Makefile Thu Jan 31 15:47:26 2013 -0800
+++ b/components/tcl/expect/Makefile Fri Feb 01 18:32:13 2013 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../../make-rules/shared-macros.mk
@@ -46,8 +46,7 @@
COMPONENT_PRE_CONFIGURE_ACTION = \
($(CLONEY) $(SOURCE_DIR) $(@D))
-COMPONENT_PRE_BUILD_ACTION = \
- (cd $(@D); $(GMAKE) all ${SCRIPTS};)
+COMPONENT_BUILD_TARGETS = all ${SCRIPTS}
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
CONFIGURE_OPTIONS += --enable-shared
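Review bot: Replacing `COMPONENT_PRE_BUILD_ACTION` with `COMPONENT_BUILD_TARGETS = all ${SCRIPTS}` carries no comment saying why it belongs in an ASLR change. Presumably the pre-build `$(GMAKE)` ran without `COMPONENT_BUILD_ENV`, so the new `LD_EXEC_OPTIONS` would not have reached the link step; if so, a line such as `# build via COMPONENT_BUILD_TARGETS so the link runs with COMPONENT_BUILD_ENV` would record that. `SCRIPTS` is not defined in the visible lines, so confirm it still expands to what the old recipe passed.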
--- a/make-rules/ips.mk Thu Jan 31 15:47:26 2013 -0800
+++ b/make-rules/ips.mk Fri Feb 01 18:32:13 2013 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
#
#
@@ -245,6 +245,14 @@
-f $(WS_TOOLS)/pkglintrc $(RESOLVED)
$(TOUCH) $@
+lintme: FRC
+ @echo "VALIDATING MANIFEST CONTENT: $(RESOLVED)"
+ $(ENV) PYTHONPATH=$(WS_TOOLS)/python PROTO_PATH="$(PKG_PROTO_DIRS)"\
+ $(PKGLINT) $(CANONICAL_REPO:%=-c $(WS_LINT_CACHE)) \
+ -f $(WS_TOOLS)/pkglintrc $(RESOLVED)
+
+FRC:
+
# published
PKGSEND_PUBLISH_OPTIONS = -s $(PKG_REPO) publish --fmri-in-manifest
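Review bot: The `lintme` recipe appears to repeat the pkglint invocation of the rule just above it (only the tail of that rule is visible here), so the two command lines can drift apart when one is edited. Holding the shared command in one variable that both recipes expand would keep the on-demand run identical to the stamped one. The empty `FRC:` rule also works only while no file named `FRC` or `lintme` exists; since the tree already uses GNU make features, `.PHONY: lintme` states the intent directly and lets the `FRC` prerequisite go.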
--- a/make-rules/shared-macros.mk Thu Jan 31 15:47:26 2013 -0800
+++ b/make-rules/shared-macros.mk Fri Feb 01 18:32:13 2013 -0800
@@ -601,6 +601,16 @@
# use direct binding
LD_B_DIRECT = -Bdirect
+# use generic macro names for enabling/disabling ASLR
+ASLR_ENABLE = -z aslr=enable
+ASLR_DISABLE = -z aslr=disable
+ASLR_MODE = $(ASLR_DISABLE)
+
+# by default, turn off Address Space Layout Randomization for ELF executables;
+# to explicitly enable ASLR, set ASLR_MODE = $(ASLR_ENABLE)
+# in that component's Makefile
+LD_Z_ASLR = $(ASLR_MODE)
+
#
# More Solaris linker flags that we want to be sure that everyone gets. This
# is automatically added to the calling environment during the 'build' and
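Review bot: `ASLR_MODE = $(ASLR_DISABLE)` makes the hardening opt-in, so any component whose Makefile is not touched is linked with an explicit `-z aslr=disable` rather than being left untagged. A forgotten component therefore fails open, and the only signal visible in this commit is the pkglint warning "does not have aslr enabled", which is a warning and not an error. The explanatory comment also sits after the assignment it describes; moving it above `ASLR_MODE` and stating the consequence would help, for example `# Components opt in with ASLR_MODE = $(ASLR_ENABLE); anything left at the default is linked with -z aslr=disable and is only warned about by pkglint`. If the intent is to migrate everything eventually, it is worth saying so here, so the disabled default is read as transitional.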
@@ -633,12 +643,17 @@
LD_OPTIONS += $(LD_MAP_NOEXSTK.$(MACH)) $(LD_MAP_NOEXDATA.$(MACH)) \
$(LD_MAP_PAGEALIGN) $(LD_B_DIRECT) $(LD_Z_IGNORE)
+# only used on executables
+LD_EXEC_OPTIONS = $(LD_Z_ASLR)
+
# Environment variables and arguments passed into the build and install
# environment(s). These are the initial settings.
COMPONENT_BUILD_ENV= \
- LD_OPTIONS="$(LD_OPTIONS)"
+ LD_OPTIONS="$(LD_OPTIONS)" \
+ LD_EXEC_OPTIONS="$(LD_EXEC_OPTIONS)"
COMPONENT_INSTALL_ENV= \
- LD_OPTIONS="$(LD_OPTIONS)"
+ LD_OPTIONS="$(LD_OPTIONS)" \
+ LD_EXEC_OPTIONS="$(LD_EXEC_OPTIONS)"
# Add any bit-specific settings
COMPONENT_BUILD_ENV += $(COMPONENT_BUILD_ENV.$(BITS))
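Review bot: `# only used on executables` is the only documentation for `LD_EXEC_OPTIONS`, and it does not say what consumes the variable or why the ASLR flag is kept out of `LD_OPTIONS`. Presumably the link-editor reads it from the environment as it does `LD_OPTIONS` and applies it only when the output is an executable; if so, a comment such as `# read by ld from the environment like LD_OPTIONS, but applied only when linking an executable; carries the ASLR tag` would make that clear. A component build that does not link through that ld, or that resets `COMPONENT_BUILD_ENV` with `=` instead of `+=`, would not pick the flag up, so the comment should point at the pkglint ASLR check as the backstop.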
--- a/tools/python/pkglint/userland.py Thu Jan 31 15:47:26 2013 -0800
+++ b/tools/python/pkglint/userland.py Fri Feb 01 18:32:13 2013 -0800
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
#
# Some userland consolidation specific lint checks
@@ -31,6 +31,7 @@
import pkg.elf as elf
import re
import os.path
+import subprocess
class UserlandActionChecker(base.ActionChecker):
"""An opensolaris.org-specific class to check actions."""
@@ -200,6 +201,39 @@
return result
+ def __elf_aslr_check(self, path, engine):
+ result = None
+
+ ei = elf.get_info(path)
+ type = ei.get("type");
+ if type != "exe":
+ return result
+
+ # get the ASLR tag string for this binary
+ aslr_tag_process = subprocess.Popen(
+ "/usr/bin/elfedit -r -e 'dyn:sunw_aslr' "
+ + path, shell=True,
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
+ # aslr_tag_string will get stdout; err will get stderr
+ aslr_tag_string, err = aslr_tag_process.communicate()
+
+ # No ASLR tag was found; everthing must be tagged
+ if aslr_tag_process.returncode != 0:
+ engine.error(
+ _("'%s' is not tagged for aslr") % (path),
+ msgid="%s%s.5" % (self.name, "001"))
+ return result
+
+ # look for "ENABLE" anywhere in the string;
+ # warn about binaries which are not ASLR enabled
+ if re.search("ENABLE", aslr_tag_string) is not None:
+ return result
+ engine.warning(
+ _("'%s' does not have aslr enabled") % (path),
+ msgid="%s%s.6" % (self.name, "001"))
+ return result
+
def __elf_runpath_check(self, path, engine):
result = None
list = []
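Review bot: The elfedit call in `__elf_aslr_check` builds a shell command by concatenating `path` and runs it with `shell=True`, so a proto-area file name containing spaces or shell metacharacters is interpreted by the shell instead of being passed as one argument. Pass an argument vector and drop the shell: `subprocess.Popen(["/usr/bin/elfedit", "-r", "-e", "dyn:sunw_aslr", path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)`. Separately, every non-zero exit is reported as "is not tagged for aslr" and `err` is discarded, so an elfedit failure for any other reason looks the same as a missing tag; including `err` in the message would tell the two apart. The local `type` shadows the builtin and carries a stray `;`. The `__elf_runpath_check` that follows continues outside the hunk.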
@@ -325,6 +359,7 @@
if result != None:
engine.error(result % path,
msgid="%s%s.3" % (self.name, pkglint_id))
+ result = self.__elf_aslr_check(fullpath, engine)
file_action.pkglint_desc = _("Paths should exist in the proto area.")
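Review bot: `result = self.__elf_aslr_check(fullpath, engine)` stores a value that is always `None`, because every return path in the new helper returns its initial `result = None` and reports through `engine` directly. The assignment therefore clears whatever the preceding check left in `result`. The enclosing method starts outside the hunk and the code after this line is not visible, so whether anything reads `result` afterwards cannot be confirmed from here. Calling it as `self.__elf_aslr_check(fullpath, engine)` without the assignment avoids the question.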