diff options
author | Peter Simons <simons@cryp.to> | 2015-04-06 16:19:37 +0200 |
---|---|---|
committer | Peter Simons <simons@cryp.to> | 2015-04-06 16:19:37 +0200 |
commit | bed68ea21ea090791a247155f689bab9f7a0c6c8 (patch) | |
tree | c0dd235aa1bd187ea8aca0c06e6f3b055a482af1 /pkgs/servers | |
parent | 66c587013b2dbda80f055d894a11cad0387e3ade (diff) | |
parent | 0449962869a473d546da9aee34d0c10da34308fe (diff) | |
download | nixpkgs-bed68ea21ea090791a247155f689bab9f7a0c6c8.tar nixpkgs-bed68ea21ea090791a247155f689bab9f7a0c6c8.tar.gz nixpkgs-bed68ea21ea090791a247155f689bab9f7a0c6c8.tar.bz2 nixpkgs-bed68ea21ea090791a247155f689bab9f7a0c6c8.tar.lz nixpkgs-bed68ea21ea090791a247155f689bab9f7a0c6c8.tar.xz nixpkgs-bed68ea21ea090791a247155f689bab9f7a0c6c8.tar.zst nixpkgs-bed68ea21ea090791a247155f689bab9f7a0c6c8.zip |
Merge pull request #7189 from arno01/hardenpostfix
postfix28 and postfix211: hardening with Canary, PIE, Full RELRO and FORTIFY_SOURCE
Diffstat (limited to 'pkgs/servers')
-rw-r--r-- | pkgs/servers/mail/postfix/2.11.nix | 5 | ||||
-rw-r--r-- | pkgs/servers/mail/postfix/default.nix | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/pkgs/servers/mail/postfix/2.11.nix b/pkgs/servers/mail/postfix/2.11.nix index cb104eed980..817f559cbd5 100644 --- a/pkgs/servers/mail/postfix/2.11.nix +++ b/pkgs/servers/mail/postfix/2.11.nix @@ -33,8 +33,9 @@ stdenv.mkDerivation rec { export sendmail_path=$out/bin/sendmail make makefiles \ - CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' \ - AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl' + CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \ + -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \ + AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now' ''; installTargets = [ "non-interactive-package" ]; diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index e12565238c9..7bd2d620910 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { export sample_directory=$out/share/postfix/doc/samples export readme_directory=$out/share/postfix/doc - make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl' + make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl -pie -Wl,-z,relro,-z,now' ''; installPhase = '' |