diff options
Diffstat (limited to 'dns/dnsmasq-devel')
| -rw-r--r-- | dns/dnsmasq-devel/Makefile | 41 | ||||
| -rw-r--r-- | dns/dnsmasq-devel/distinfo | 6 |
2 files changed, 39 insertions, 8 deletions
diff --git a/dns/dnsmasq-devel/Makefile b/dns/dnsmasq-devel/Makefile index 5149a1289c7e..2d71c213b862 100644 --- a/dns/dnsmasq-devel/Makefile +++ b/dns/dnsmasq-devel/Makefile @@ -1,7 +1,7 @@ PORTNAME= dnsmasq -DISTVERSION= 2.92test16 # remember to bump PORTEPOCH when going from test to rc! +DISTVERSION= 2.92test21 # remember to bump PORTEPOCH when going from test to rc! # Leave the PORTREVISION in even if 0 to avoid accidental PORTEPOCH bumps: -PORTREVISION= 0 +PORTREVISION= 1 PORTEPOCH= 6 CATEGORIES= dns #MASTER_SITES= LOCAL/mandree/ \ @@ -18,7 +18,7 @@ LICENSE= GPLv2 DEPRECATED= Short-lived test branch, to be removed after v2.92 release -USES= cpe shebangfix tar:xz +USES= compiler cpe shebangfix tar:xz CPE_VENDOR= thekelleys SHEBANG_FILES= contrib/dnslist/dnslist.pl \ @@ -30,8 +30,28 @@ MAKE_ARGS= CC="${CC}" \ LIBS="${LDFLAGS}" \ PREFIX="${PREFIX}" \ RPM_OPT_FLAGS="${CPPFLAGS}" -CFLAGS+= -Wall -Wno-unused-function -Wno-unused-parameter \ - -Wno-unused-value -Wno-unused-variable +CFLAGS+= -Wall +# https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html +# Note there are ${ARCH}-dependent options below after .include <bsd.port.pre.mk> +# Note that these are enforced for now (2025-09-16), and we can't subject them to PIE/FORTIFY/SSP_UNSAFE or WITHOUT_ options for now. +CFLAGS+= -Wall -Wformat -Wformat=2 \ + -Werror=format-security \ + -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 \ + -fstrict-flex-arrays=3 \ + -fstack-clash-protection -fstack-protector-strong \ + -fno-delete-null-pointer-checks -fno-strict-overflow \ + -fno-strict-aliasing -ftrivial-auto-var-init=zero +LDFLAGS+= -Wl,-z,nodlopen -Wl,-z,noexecstack \ + -Wl,-z,relro -Wl,-z,now \ + -Wl,--as-needed -Wl,--no-copy-dt-needed-entries +CFLAGS+= -fPIE +LDFLAGS+= -pie +# error on obsolete C constructs +CFLAGS+= -Werror=implicit -Werror=incompatible-pointer-types \ + -Werror=int-conversion +# tune down harmless warnings due to coding style +CFLAGS+= -Wno-unused-function -Wno-unused-parameter \ + -Wno-unused-value -Wno-unused-variable -Wno-format-nonliteral CPPFLAGS+= -I${LOCALBASE}/include CONFLICTS_INSTALL= dnsmasq-2* @@ -102,6 +122,17 @@ USE_RC_SUBR= dnsmasq .include <bsd.port.pre.mk> +# https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html +.if ${ARCH} == "amd64" +CFLAGS+= -fcf-protection=full +.endif +.if ${ARCH} == "aarch64" +CFLAGS+= -mbranch-protection=standard +.endif +.if ${CHOSEN_COMPILER_TYPE} == "gcc" +CFLAGS+= -Wtrampolines +.endif + LDFLAGS+= -L${LOCALBASE}/lib ${_intllibs} ${ICONV_LIB} post-patch: diff --git a/dns/dnsmasq-devel/distinfo b/dns/dnsmasq-devel/distinfo index cab9ea6d5df9..184f1941bd97 100644 --- a/dns/dnsmasq-devel/distinfo +++ b/dns/dnsmasq-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752012471 -SHA256 (dnsmasq-2.92test16.tar.xz) = 38b69341f2a582ea2bb9379170a974743d758c641120dd4cd5c11f0e477e7828 -SIZE (dnsmasq-2.92test16.tar.xz) = 583244 +TIMESTAMP = 1756306668 +SHA256 (dnsmasq-2.92test21.tar.xz) = bb755e2cc891e05446b2a16b6f2f66ecd1c3e43e6bc0861ef3b60e088848c419 +SIZE (dnsmasq-2.92test21.tar.xz) = 585408 |