=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On Monday, January 28, 2019 12:10 PM, Rupert Gallagher <ruga@protonmail.com=
wrote:
I can replicate your log when using the default tool-chain by Apple.
The following causes my system to fail with openldap, replicating my orig=
inal bug.
The same settings succeed with many other open source projects: openldap =
is the only one that fails.
install the official clang/llvm tool-chain from llvm.org;
set up the shell as follows:
export CC=3D"/opt/llvm/bin/clang"; # gcc export CMAKE_C_COMPILER=3D"/opt/llvm/bin/clang"; export CPP=3D"/opt/llvm/bin/clang -E"; # cpp export CXX=3D"/opt/llvm/bin/clang++"; # g++ export CMAKE_CXX_COMPILER=3D"/opt/llvm/bin/clang++"; # g++ export AR=3D"/opt/llvm/bin/llvm-ar"; # ar export CMAKE_AR=3D"/opt/llvm/bin/llvm-ar"; # ar export CMAKE_LINKER=3D"/usr/bin/ld"; # Apple's own export NM=3D"/opt/llvm/bin/llvm-nm"; # nm export CMAKE_NM=3D"/opt/llvm/bin/llvm-nm"; # nm export CMAKE_OBJDUMP=3D"/opt/llvm/bin/llvm-objdump"; export RANLIB=3D"/opt/llvm/bin/llvm-ranlib"; export CMAKE_RANLIB=3D"/opt/llvm/bin/llvm-ranlib"; sdk_p=3D"$( /usr/bin/xcode-select -print-path )"; sdk_v=3D"$( /usr/bin/xcrun --show-sdk-version )";
runtime compatibility with former versions:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
sdk_c=3D"${sdk_v}"; case $sdk_v in 10.14) sdk_c=3D"10.13";; 10.13) sdk_c=3D"10.13";; esac
CFLAGS=3D""; CCFLAGS=3D""; CPPFLAGS=3D""; LDFLAGS=3D"";
export MACOSX_DEPLOYMENT_TARGET=3D"${sdk_c}"; CFLAGS=3D"$CFLAGS -g -mmacosx-version-min=3D${sdk_c} -isysroot ${sdk_p}/P=
latforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk";
CFLAGS=3D"$CFLAGS -arch x86_64";
exploit mitigation: RELRO + BIND_NOW
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
LDFLAGS=3D"$LDFLAGS -Wl,-z,relro,-z,now";
exploit mitigation: stack canary
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
CFLAGS=3D"$CFLAGS -fstack-protector-all";
nicer stack traces in error messages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
CFLAGS=3D"$CFLAGS -fno-omit-frame-pointer";
exploit mitigations:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
CFLAGS=3D"$CFLAGS -fPIC -fPIE"; LDFLAGS=3D"$LDFLAGS -pie";
exploit mitigation: protect memory and string functions
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D
CFLAGS=3D"$CFLAGS -O2"; CPPFLAGS=3D"$CPPFLAGS -D_FORTIFY_SOURCE=3D2";
exploit mitigation: format string warnings as errors
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D
CFLAGS=3D"$CFLAGS -Wformat -Wformat-security -Werror=3Dformat-security";
export CFLAGS; export CCFLAGS=3D"$CFLAGS"; export CPPFLAGS; export CXXFLAGS=3D"$CPPFLAGS"; export LDFLAGS; export DSOFLAGS=3D"$LDFLAGS";
-
rugaï¼ protonmail.com