Date: Thu, 3 Jun 2021 13:59:51 GMT From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 70b08e987327 - 2021Q2 - security/libgcrypt: Make static an option Message-ID: <202106031359.153DxpQf057214@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch 2021Q2 has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=70b08e987327d237ba066bf3398b3e55675f9c76 commit 70b08e987327d237ba066bf3398b3e55675f9c76 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2021-05-23 03:36:23 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2021-06-03 13:59:23 +0000 security/libgcrypt: Make static an option Static linked binaries, due to the fact that they're statically linked, can pose a security risk should a library be updated and depending software not be recompiled and linked. This was a hot topic on BUGTRAQ about 25 years ago. The default is to build static libraries so as not to alter the package avoiding a POLA violation. PR: 255735 Submitted by: Daniel Engberg <daniel.engberg.lists@pyret.net> (mostly) Reported by: Daniel Engberg <daniel.engberg.lists@pyret.net> Reviewed by: cy Tested by: cy MFH: 2021Q2 (cherry picked from commit 527821a60c9f2e706a0549ac23c8ddc6d8b778c3) --- security/libgcrypt/Makefile | 8 ++++++-- security/libgcrypt/pkg-plist | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile index 06b539a51c8c..4bcdcc8db166 100644 --- a/security/libgcrypt/Makefile +++ b/security/libgcrypt/Makefile @@ -18,7 +18,7 @@ USES= cpe libtool makeinfo tar:bzip2 CPE_VENDOR= gnupg USE_CSTD= gnu89 GNU_CONFIGURE= yes -CONFIGURE_ARGS= --disable-drng-support --enable-static=yes +CONFIGURE_ARGS= --disable-drng-support CONFIGURE_ENV= MAKEINFO="${MAKEINFO} --no-split" CONFIGURE_TARGET=${ARCH:S/amd64/x86_64/}-portbld-${OPSYS:tl}${OSREL} USE_LDCONFIG= yes @@ -29,7 +29,11 @@ DOCS= AUTHORS ChangeLog ChangeLog-2011 INSTALL NEWS THANKS TODO \ INFO= gcrypt PORTDOCS= * -OPTIONS_DEFINE= DOCS +OPTIONS_DEFINE= DOCS STATIC +OPTIONS_DEFAULT= DOCS STATIC +OPTIONS_SUB= yes + +STATIC_CONFIGURE_ENABLE= static .include <bsd.port.options.mk> diff --git a/security/libgcrypt/pkg-plist b/security/libgcrypt/pkg-plist index b09d7fdf9bf5..00796bc75bb1 100644 --- a/security/libgcrypt/pkg-plist +++ b/security/libgcrypt/pkg-plist @@ -3,7 +3,7 @@ bin/dumpsexp bin/hmac256 bin/libgcrypt-config include/gcrypt.h -lib/libgcrypt.a +%%STATIC%%lib/libgcrypt.a lib/libgcrypt.so lib/libgcrypt.so.20 lib/libgcrypt.so.20.3.3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106031359.153DxpQf057214>