From 9d75cd4f29682f3b3b2c338e18c11cdf7a4ad66d Mon Sep 17 00:00:00 2001
From: "Kaleb S. KEITHLEY" <kkeithle@redhat.com>
Date: Mon, 1 May 2023 07:56:03 -0400
Subject: [PATCH] ceph-17.2.6, enable IBT, SHSTK when building bundled boost,
 librgw.so

  libceph-common.so

Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
---
 0028-cmake-modules-BuildBoost.cmake.patch | 15 ++++++
 0029-boost-asm.patch                      | 61 +++++++++++++++++++++++
 ceph.spec                                 |  9 +++-
 3 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 0028-cmake-modules-BuildBoost.cmake.patch
 create mode 100644 0029-boost-asm.patch

diff --git a/0028-cmake-modules-BuildBoost.cmake.patch b/0028-cmake-modules-BuildBoost.cmake.patch
new file mode 100644
index 0000000..631d072
--- /dev/null
+++ b/0028-cmake-modules-BuildBoost.cmake.patch
@@ -0,0 +1,15 @@
+--- ceph-17.2.6/cmake/modules/BuildBoost.cmake.orig	2023-04-27 14:00:28.239524778 -0400
++++ ceph-17.2.6/cmake/modules/BuildBoost.cmake	2023-04-28 07:49:59.743342207 -0400
+@@ -63,7 +63,11 @@
+   else()
+     list(APPEND boost_features "address-model=32")
+   endif()
+-  set(BOOST_CXXFLAGS "-fPIC -w") # check on arm, etc <---XXX
++  if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
++    set(BOOST_CXXFLAGS "-fPIC -w -fcf-protection") # check on arm, etc <---XXX
++  else()
++    set(BOOST_CXXFLAGS "-fPIC -w") # check on arm, etc <---XXX
++  endif()
+   list(APPEND boost_features "cxxflags=${BOOST_CXXFLAGS}")
+ 
+   set(boost_with_libs)
diff --git a/0029-boost-asm.patch b/0029-boost-asm.patch
new file mode 100644
index 0000000..80ee1fd
--- /dev/null
+++ b/0029-boost-asm.patch
@@ -0,0 +1,61 @@
+--- ceph-17.2.6/src/boost/libs/context/src/asm/make_x86_64_sysv_elf_gas.S.orig	2023-04-30 14:25:35.009605033 -0400
++++ ceph-17.2.6/src/boost/libs/context/src/asm/make_x86_64_sysv_elf_gas.S	2023-04-30 14:28:32.239465067 -0400
+@@ -80,3 +80,18 @@
+ 
+ /* Mark that we don't need executable stack. */
+ .section .note.GNU-stack,"",%progbits
++
++.section .note.gnu.property
++.align=8
++
++        .byte 0x04, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00
++        .byte 0x05, 0x00, 0x00, 0x00, 0x47, 0x4E, 0x55, 0x00
++        .byte 0x00, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++        .byte 0x01, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++        .byte 0x04, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00
++        .byte 0x05, 0x00, 0x00, 0x00, 0x47, 0x4E, 0x55, 0x00
++        .byte 0x02, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++
+--- ceph-17.2.6/src/boost/libs/context/src/asm/jump_x86_64_sysv_elf_gas.S.orig	2023-04-30 14:25:35.008605050 -0400
++++ ceph-17.2.6/src/boost/libs/context/src/asm/jump_x86_64_sysv_elf_gas.S	2023-04-30 14:27:50.145210847 -0400
+@@ -89,3 +89,17 @@
+ 
+ /* Mark that we don't need executable stack.  */
+ .section .note.GNU-stack,"",%progbits
++
++.section .note.gnu.property
++.align=8
++
++        .byte 0x04, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00
++        .byte 0x05, 0x00, 0x00, 0x00, 0x47, 0x4E, 0x55, 0x00
++        .byte 0x00, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++        .byte 0x01, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++        .byte 0x04, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00
++        .byte 0x05, 0x00, 0x00, 0x00, 0x47, 0x4E, 0x55, 0x00
++        .byte 0x02, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+--- ceph-17.2.6/src/boost/libs/context/src/asm/ontop_x86_64_sysv_elf_gas.S.orig	2023-04-30 14:25:35.009605033 -0400
++++ ceph-17.2.6/src/boost/libs/context/src/asm/ontop_x86_64_sysv_elf_gas.S	2023-04-30 14:29:30.402434597 -0400
+@@ -92,3 +92,17 @@
+ 
+ /* Mark that we don't need executable stack.  */
+ .section .note.GNU-stack,"",%progbits
++
++.section .note.gnu.property
++.align=8
++
++        .byte 0x04, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00
++        .byte 0x05, 0x00, 0x00, 0x00, 0x47, 0x4E, 0x55, 0x00
++        .byte 0x00, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++        .byte 0x01, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
++        .byte 0x04, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00
++        .byte 0x05, 0x00, 0x00, 0x00, 0x47, 0x4E, 0x55, 0x00
++        .byte 0x02, 0x00, 0x00, 0xC0, 0x04, 0x00, 0x00, 0x00
++        .byte 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
diff --git a/ceph.spec b/ceph.spec
index 6e72214..663d513 100644
--- a/ceph.spec
+++ b/ceph.spec
@@ -160,7 +160,7 @@
 #################################################################################
 Name:		ceph
 Version:	17.2.6
-Release:	1%{?dist}
+Release:	2%{?dist}
 %if 0%{?fedora} || 0%{?rhel}
 Epoch:		2
 %endif
@@ -193,6 +193,9 @@ Patch0023:	0023-src-s3select-include-s3select_parquet_intrf.h.patch
 Patch0024:	0024-gcc-13.patch
 Patch0025:	0025-selinux-prepare-for-anon-inode-controls-enablement.patch
 Patch0026:	0026-src-boost-libs-python-src-object.patch
+Patch0028:	0028-cmake-modules-BuildBoost.cmake.patch
+Patch0029:	0029-boost-asm.patch
+
 # ceph 14.0.1 does not support 32-bit architectures, bugs #1727788, #1727787
 ExcludeArch:	i686 armv7hl
 %if 0%{?suse_version}
@@ -2617,6 +2620,10 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 
 %changelog
+* Mon May 1 2023 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 2:17.2.6-1
+- ceph-17.2.6, enable IBT, SHSTK when building bundled boost, librgw.so
+  libceph-common.so
+
 * Fri Apr 7 2023 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 2:17.2.6-1
 - ceph-17.2.6 GA