Mercurial > hgrepos > Python2 > PyMuPDF

changeset 7:5ab937c03c27

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Apply full RELRO to all generated binaries. Also strip the generated binaries.
author Franz Glasner <fzglas.hg@dom66.de>
date Tue, 16 Sep 2025 12:37:32 +0200
parents b5f06508363a
children bf1744083a54
files mupdf-source/Makerules mupdf-source/scripts/jlib.py setup.py
diffstat 3 files changed, 15 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/mupdf-source/Makerules	Mon Sep 15 16:16:51 2025 +0200
+++ b/mupdf-source/Makerules	Tue Sep 16 12:37:32 2025 +0200
@@ -152,13 +152,13 @@
   LDFLAGS += -g
 else ifeq ($(build),release)
   CFLAGS += -pipe -O2 -DNDEBUG
-  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s
+  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s,-z,relro,-z,now
 else ifeq ($(build),small)
   CFLAGS += -pipe -Os -DNDEBUG
-  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s
+  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s,-z,relro,-z,now
 else ifeq ($(build),valgrind)
   CFLAGS += -pipe -O2 -DNDEBUG -DPACIFY_VALGRIND
-  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s
+  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s,-z,relro,-z,now
 else ifeq ($(build),sanitize)
   CFLAGS += -pipe -g $(SANITIZE_FLAGS)
   LDFLAGS += -g $(SANITIZE_FLAGS)
@@ -173,7 +173,7 @@
   LIBS += -lgcov
 else ifeq ($(build),native)
   CFLAGS += -pipe -O2 -DNDEBUG -march=native
-  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s
+  LDFLAGS += $(LDREMOVEUNREACH) -Wl,-s,-z,relro,-z,now
 else ifeq ($(build),memento)
   CFLAGS += -pipe -g -DMEMENTO -DMEMENTO_MUPDF_HACKS
   LDFLAGS += -g -rdynamic
--- a/mupdf-source/scripts/jlib.py	Mon Sep 15 16:16:51 2025 +0200
+++ b/mupdf-source/scripts/jlib.py	Tue Sep 16 12:37:32 2025 +0200
@@ -2303,5 +2303,10 @@
             ret += ' -Wl,-rpath,@loader_path/.'
         else:
             ret += " -Wl,-rpath,'$ORIGIN',-z,origin"
+    # FreeBSD
+    #   Full RELRO
+    ret += ' -Wl,-z,relro,-z,now'
+    #   Strip
+    ret += ' -Wl,-s'
     #log('{sos=} {ld_origin=} {ret=}')
     return ret.strip()
--- a/setup.py	Mon Sep 15 16:16:51 2025 +0200
+++ b/setup.py	Tue Sep 16 12:37:32 2025 +0200
@@ -1214,6 +1214,12 @@
     if pyodide:
         compiler_extra += f' {pyodide_flags}'
         linker_extra += f' {pyodide_flags}'
+
+    # FreeBSD:
+    #   Full RELRO
+    linker_extra += ' -Wl,-z,relro,-z,now'
+    #   Strip
+    linker_extra += ' -Wl,-s'
         
     return compiler_extra, linker_extra, includes, defines, optimise, debug, libpaths, libs, libraries,