解决cve漏洞扫描问题

build/script/separate_debug_information.sh

@@ -109,7 +109,7 @@ separate_symbol()
 			if [ -x "$x" ]; then
 				if [ "$x" != "install-sh"  ]; then
 					objcopy --only-keep-debug "$x" "$INSTALL_DIR/${symbol_name}.symbol" > /dev/null 2>&1
-					objcopy --strip-debug "$x" "$x"_release
+					objcopy --strip-all "$x" "$x"_release
 					rm  "$x"
 					mv "$x"_release "$x"
 					objcopy --add-gnu-debuglink="$INSTALL_DIR/${symbol_name}.symbol" "$x"
@@ -127,7 +127,7 @@ separate_symbol()
 				    fi
 				fi			
 				objcopy --only-keep-debug "$x" "$INSTALL_DIR/${symbol_name}.symbol" > /dev/null 2>&1
-				objcopy --strip-debug "$x" "$x"_release
+				objcopy --strip-all "$x" "$x"_release
 				rm  "$x"
 				mv "$x"_release "$x"
 				objcopy --add-gnu-debuglink="$INSTALL_DIR/${symbol_name}.symbol" "$x"
@@ -141,6 +141,14 @@ separate_symbol()
 				objcopy --add-gnu-debuglink="$INSTALL_DIR/${symbol_name}.symbol" "$x"
 				chmod 755 "$INSTALL_DIR/${symbol_name}.symbol"
 				mv $INSTALL_DIR/${symbol_name}.symbol $CPTODEST
+			elif [[ "$x" =~ [0-9]$ ]]; then
+				objcopy --only-keep-debug "$x" "$INSTALL_DIR/${symbol_name}.symbol" > /dev/null 2>&1
+				objcopy --strip-all "$x" "$x"_release
+				rm  "$x"
+				mv "$x"_release "$x"
+				objcopy --add-gnu-debuglink="$INSTALL_DIR/${symbol_name}.symbol" "$x"
+				chmod 755 "$INSTALL_DIR/${symbol_name}.symbol"
+				mv $INSTALL_DIR/${symbol_name}.symbol $CPTODEST
 			fi
 		elif [ -d "$x" ];then
 			separate_symbol "$x"

src/bin/pg_basebackup/Makefile

@@ -20,7 +20,7 @@ include $(top_builddir)/src/Makefile.global
 
 override CPPFLAGS := -I$(libpq_srcdir) -I$(ZLIB_INCLUDE_PATH) $(CPPFLAGS) -DHAVE_LIBZ -fPIC -fPIE -DFRONTEND -I$(top_builddir)/src/bin/pg_rewind -I$(top_builddir)/src/bin/pg_ctl -I$(LZ4_INCLUDE_PATH)
 
-LDFLAGS += -L$(LZ4_LIB_PATH)
+LDFLAGS += -Wl,-z,relro,-z,now -L$(LZ4_LIB_PATH)
 LIBS += -lgssapi_krb5_gauss -lgssrpc_gauss -lkrb5_gauss -lkrb5support_gauss -lk5crypto_gauss -lcom_err_gauss -llz4
 
 ifneq "$(MAKECMDGOALS)" "clean"