From 65d922564a281d55193f7d81f7ba30501d46e73a Mon Sep 17 00:00:00 2001 From: Mohamad Jaara Date: Tue, 29 Aug 2023 17:40:37 +0200 Subject: [PATCH 1/2] feat: build libcryptobox with stack protector flag --- Dockerfile | 2 +- android/Makefile | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1e96abf..8257dff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM rust +FROM rust:bullseye USER root diff --git a/android/Makefile b/android/Makefile index 3d14c86..c8db5dd 100644 --- a/android/Makefile +++ b/android/Makefile @@ -105,7 +105,9 @@ jni/armeabi-v7a/libcryptobox.so: libsodium-armeabi-v7a | build/src/$(CRYPTOBOX_N -L ../../libsodium-android-arm-v7a/lib \ -C ar=arm-linux-androideabi-ar \ -C linker=armv7a-linux-androideabi16-clang \ - -C link_args="-Wl,-soname,libcryptobox.so" + -C link_args="-Wl,-soname,libcryptobox.so" \ + -C link_arg=-fstack-protector-strong \ + -C target_feature=+crt-static mkdir -p jni/armeabi-v7a cp build/src/$(CRYPTOBOX_NAME)/target/armv7-linux-androideabi/release/libcryptobox.so jni/armeabi-v7a/libcryptobox.so @@ -118,7 +120,9 @@ jni/x86/libcryptobox.so: libsodium-x86 | build/src/$(CRYPTOBOX_NAME) -L ../../libsodium-android-x86/lib \ -C ar=i686-linux-android-ar \ -C linker=i686-linux-android16-clang \ - -C link_args="-Wl,-soname,libcryptobox.so" + -C link_args="-Wl,-soname,libcryptobox.so" \ + -C link_arg=-fstack-protector-strong \ + -C target_feature=+crt-static mkdir -p jni/x86 cp build/src/$(CRYPTOBOX_NAME)/target/i686-linux-android/release/libcryptobox.so jni/x86/libcryptobox.so @@ -131,7 +135,9 @@ jni/x86_64/libcryptobox.so: libsodium-x86_64 | build/src/$(CRYPTOBOX_NAME) -L ../../libsodium-android-x86_64/lib \ -C ar=x86_64-linux-android-ar \ -C linker=x86_64-linux-android21-clang \ - -C link_args="-Wl,-soname,libcryptobox.so" + -C link_args="-Wl,-soname,libcryptobox.so" \ + -C link_arg=-fstack-protector-strong \ + -C target_feature=+crt-static mkdir -p jni/x86_64 cp build/src/$(CRYPTOBOX_NAME)/target/x86_64-linux-android/release/libcryptobox.so jni/x86_64/libcryptobox.so @@ -144,7 +150,9 @@ jni/arm64-v8a/libcryptobox.so: libsodium-aarch64 | build/src/$(CRYPTOBOX_NAME) -L ../../libsodium-android-armv8-a/lib \ -C ar=aarch64-linux-android-ar \ -C linker=aarch64-linux-android21-clang \ - -C link_args="-Wl,-soname,libcryptobox.so" + -C link_args="-Wl,-soname,libcryptobox.so" \ + -C link_arg=-fstack-protector-strong \ + -C target_feature=+crt-static mkdir -p jni/arm64-v8a cp build/src/$(CRYPTOBOX_NAME)/target/aarch64-linux-android/release/libcryptobox.so jni/arm64-v8a/libcryptobox.so From 66907883de77b49123cb76bbb12f23b37b0c39be Mon Sep 17 00:00:00 2001 From: "mohamad.jaara" Date: Wed, 30 Aug 2023 14:05:15 +0200 Subject: [PATCH 2/2] add -fstack-protector-strong to the Android.mk file --- android/jni/Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/android/jni/Android.mk b/android/jni/Android.mk index 2d469ee..5e13ea4 100644 --- a/android/jni/Android.mk +++ b/android/jni/Android.mk @@ -19,5 +19,5 @@ LOCAL_MODULE := cryptobox-jni LOCAL_SRC_FILES := ../../src/cryptobox-jni.c LOCAL_SHARED_LIBRARIES := libsodium-prebuilt libcryptobox-prebuilt LOCAL_LDLIBS := -llog -LOCAL_CFLAGS += -std=c99 -Wall +LOCAL_CFLAGS += -std=c99 -Wall -fstack-protector-strong include $(BUILD_SHARED_LIBRARY)