commit
2adf79112c
|
@ -0,0 +1,80 @@
|
||||||
|
diff -up ppp-2.4.5/chat/Makefile.linux.hardened ppp-2.4.5/chat/Makefile.linux
|
||||||
|
--- ppp-2.4.5/chat/Makefile.linux.hardened 2013-07-28 16:36:54.379766667 +0200
|
||||||
|
+++ ppp-2.4.5/chat/Makefile.linux 2013-07-28 16:37:25.816760232 +0200
|
||||||
|
@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep fun
|
||||||
|
CDEF4= -DFNDELAY=O_NDELAY # Old name value
|
||||||
|
CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
|
||||||
|
|
||||||
|
-COPTS= $(RPM_OPT_FLAGS)
|
||||||
|
+COPTS= $(RPM_OPT_FLAGS) -fPIE
|
||||||
|
CFLAGS= $(COPTS) $(CDEFS)
|
||||||
|
|
||||||
|
INSTALL= install
|
||||||
|
@@ -18,7 +18,7 @@ INSTALL= install
|
||||||
|
all: chat
|
||||||
|
|
||||||
|
chat: chat.o
|
||||||
|
- $(CC) -pie -o chat chat.o
|
||||||
|
+ $(CC) -z now -pie -o chat chat.o
|
||||||
|
|
||||||
|
chat.o: chat.c
|
||||||
|
$(CC) -c $(CFLAGS) -o chat.o chat.c
|
||||||
|
diff -up ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux.hardened ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux
|
||||||
|
--- ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux.hardened 2013-07-28 16:38:50.454744701 +0200
|
||||||
|
+++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux 2013-07-28 16:39:30.297737993 +0200
|
||||||
|
@@ -27,11 +27,11 @@ INSTALL = install
|
||||||
|
RP_VERSION=3.8p
|
||||||
|
|
||||||
|
COPTS=$(RPM_OPT_FLAGS)
|
||||||
|
-CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
|
||||||
|
+CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' -fPIE
|
||||||
|
all: rp-pppoe.so pppoe-discovery
|
||||||
|
|
||||||
|
pppoe-discovery: pppoe-discovery.o debug.o
|
||||||
|
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o
|
||||||
|
+ $(CC) -z now -pie -o pppoe-discovery pppoe-discovery.o debug.o
|
||||||
|
|
||||||
|
pppoe-discovery.o: pppoe-discovery.c
|
||||||
|
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
|
||||||
|
diff -up ppp-2.4.5/pppdump/Makefile.linux.hardened ppp-2.4.5/pppdump/Makefile.linux
|
||||||
|
--- ppp-2.4.5/pppdump/Makefile.linux.hardened 2013-07-28 16:38:09.270751992 +0200
|
||||||
|
+++ ppp-2.4.5/pppdump/Makefile.linux 2013-07-28 16:38:34.296747511 +0200
|
||||||
|
@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
|
||||||
|
BINDIR = $(DESTDIR)/sbin
|
||||||
|
MANDIR = $(DESTDIR)/share/man/man8
|
||||||
|
|
||||||
|
-CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
|
||||||
|
+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net -fPIE
|
||||||
|
OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
|
||||||
|
|
||||||
|
INSTALL= install
|
||||||
|
@@ -10,7 +10,7 @@ INSTALL= install
|
||||||
|
all: pppdump
|
||||||
|
|
||||||
|
pppdump: $(OBJS)
|
||||||
|
- $(CC) -o pppdump $(OBJS)
|
||||||
|
+ $(CC) -z now -pie -o pppdump $(OBJS)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f pppdump $(OBJS) *~
|
||||||
|
diff -up ppp-2.4.5/pppstats/Makefile.linux.hardened ppp-2.4.5/pppstats/Makefile.linux
|
||||||
|
--- ppp-2.4.5/pppstats/Makefile.linux.hardened 2013-07-28 16:40:28.737728584 +0200
|
||||||
|
+++ ppp-2.4.5/pppstats/Makefile.linux 2013-07-28 16:40:49.130725389 +0200
|
||||||
|
@@ -11,7 +11,7 @@ PPPSTATOBJS = pppstats.o
|
||||||
|
|
||||||
|
#CC = gcc
|
||||||
|
COPTS = $(RPM_OPT_FLAGS)
|
||||||
|
-COMPILE_FLAGS = -I../include
|
||||||
|
+COMPILE_FLAGS = -I../include -fPIE
|
||||||
|
LIBS =
|
||||||
|
|
||||||
|
INSTALL= install
|
||||||
|
@@ -26,7 +26,7 @@ install: pppstats
|
||||||
|
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
|
||||||
|
|
||||||
|
pppstats: $(PPPSTATSRCS)
|
||||||
|
- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
|
||||||
|
+ $(CC) $(CFLAGS) -z now -pie -o pppstats pppstats.c $(LIBS)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f pppstats *~ #* core
|
33
ppp.spec
33
ppp.spec
|
@ -1,7 +1,9 @@
|
||||||
|
%global _hardened_build 1
|
||||||
|
|
||||||
Summary: The Point-to-Point Protocol daemon
|
Summary: The Point-to-Point Protocol daemon
|
||||||
Name: ppp
|
Name: ppp
|
||||||
Version: 2.4.5
|
Version: 2.4.5
|
||||||
Release: 30%{?dist}
|
Release: 31%{?dist}
|
||||||
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
URL: http://www.samba.org/ppp
|
URL: http://www.samba.org/ppp
|
||||||
|
@ -35,10 +37,10 @@ Patch31: ppp-2.4.5-lock.patch
|
||||||
Patch32: ppp-2.4.5-l2tp-multilink.patch
|
Patch32: ppp-2.4.5-l2tp-multilink.patch
|
||||||
Patch33: ppp-2.4.5-radius-config.patch
|
Patch33: ppp-2.4.5-radius-config.patch
|
||||||
Patch34: ppp-2.4.5-crypt.patch
|
Patch34: ppp-2.4.5-crypt.patch
|
||||||
|
Patch35: ppp-2.4.5-hardened.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRequires: pam-devel, libpcap-devel, openssl-devel, systemd
|
||||||
BuildRequires: pam-devel, libpcap-devel, openssl-devel
|
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
|
||||||
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6 systemd-units
|
|
||||||
Requires(pre): /usr/bin/getent
|
Requires(pre): /usr/bin/getent
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
|
|
||||||
|
@ -88,6 +90,7 @@ This package contains the header files for building plugins for ppp.
|
||||||
%patch32 -p1 -b .l2tp-multilink
|
%patch32 -p1 -b .l2tp-multilink
|
||||||
%patch33 -p1 -b .radius
|
%patch33 -p1 -b .radius
|
||||||
%patch34 -p1 -b .crypt
|
%patch34 -p1 -b .crypt
|
||||||
|
%patch35 -p1 -b .hardened
|
||||||
|
|
||||||
rm -f scripts/*.local
|
rm -f scripts/*.local
|
||||||
rm -f scripts/*.change_resolv_conf
|
rm -f scripts/*.change_resolv_conf
|
||||||
|
@ -119,8 +122,8 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/ppp
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/ppp
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/ppp
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lock/ppp
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lock/ppp
|
||||||
|
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d
|
install -d -m 755 $RPM_BUILD_ROOT%{_tmpfilesdir}
|
||||||
install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/ppp.conf
|
install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_tmpfilesdir}/ppp.conf
|
||||||
|
|
||||||
# Logrotate script
|
# Logrotate script
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
|
||||||
|
@ -129,6 +132,9 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/ppp
|
||||||
%pre
|
%pre
|
||||||
getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
|
|
||||||
|
%post
|
||||||
|
mkdir -p %{_localstatedir}/lock/ppp
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_sbindir}/chat
|
%{_sbindir}/chat
|
||||||
|
@ -146,10 +152,9 @@ getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
%{_libdir}/pppd
|
%{_libdir}/pppd
|
||||||
%dir %{_sysconfdir}/ppp
|
%dir %{_sysconfdir}/ppp
|
||||||
%dir %{_localstatedir}/run/ppp
|
%dir %{_localstatedir}/run/ppp
|
||||||
%dir %{_localstatedir}/lock/ppp
|
%ghost %dir %{_localstatedir}/lock/ppp
|
||||||
%dir %{_sysconfdir}/logrotate.d
|
%dir %{_sysconfdir}/logrotate.d
|
||||||
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
|
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
|
||||||
%config %{_prefix}/lib/tmpfiles.d/ppp.conf
|
|
||||||
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
|
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
|
||||||
%config(noreplace) %{_sysconfdir}/ppp/eaptls-server
|
%config(noreplace) %{_sysconfdir}/ppp/eaptls-server
|
||||||
%config(noreplace) %{_sysconfdir}/ppp/chap-secrets
|
%config(noreplace) %{_sysconfdir}/ppp/chap-secrets
|
||||||
|
@ -157,6 +162,7 @@ getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
%config(noreplace) %{_sysconfdir}/ppp/pap-secrets
|
%config(noreplace) %{_sysconfdir}/ppp/pap-secrets
|
||||||
%config(noreplace) %{_sysconfdir}/pam.d/ppp
|
%config(noreplace) %{_sysconfdir}/pam.d/ppp
|
||||||
%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
|
%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
|
||||||
|
%{_tmpfilesdir}/ppp.conf
|
||||||
%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
|
%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
|
@ -165,6 +171,13 @@ getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
%doc PLUGINS
|
%doc PLUGINS
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 30 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-31
|
||||||
|
- don't ship /var/lock/ppp in rpm payload and create it in %post instead
|
||||||
|
- fix installation of tmpfiles.d configuration
|
||||||
|
- enable hardened build
|
||||||
|
- fix bogus dates in changelog
|
||||||
|
- compile all binaries with hardening flags
|
||||||
|
|
||||||
* Thu Jul 04 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-30
|
* Thu Jul 04 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-30
|
||||||
- fix possible NULL pointer dereferencing
|
- fix possible NULL pointer dereferencing
|
||||||
|
|
||||||
|
@ -387,7 +400,7 @@ getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
||||||
- rebuilt
|
- rebuilt
|
||||||
|
|
||||||
* Wed May 24 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-2.3
|
* Mon May 24 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-2.3
|
||||||
- Enable IPv6 support. Disable PIE to avoid bogus Provides:
|
- Enable IPv6 support. Disable PIE to avoid bogus Provides:
|
||||||
|
|
||||||
* Fri May 14 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-2.2
|
* Fri May 14 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-2.2
|
||||||
|
@ -509,7 +522,7 @@ getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
* Fri Apr 09 1999 Cristian Gafton <gafton@redhat.com>
|
* Fri Apr 09 1999 Cristian Gafton <gafton@redhat.com>
|
||||||
- force pppd use the glibc's logwtmp instead of implementing its own
|
- force pppd use the glibc's logwtmp instead of implementing its own
|
||||||
|
|
||||||
* Wed Apr 01 1999 Preston Brown <pbrown@redhat.com>
|
* Thu Apr 01 1999 Preston Brown <pbrown@redhat.com>
|
||||||
- version 2.3.7 bugfix release
|
- version 2.3.7 bugfix release
|
||||||
|
|
||||||
* Tue Mar 23 1999 Cristian Gafton <gafton@redhat.com>
|
* Tue Mar 23 1999 Cristian Gafton <gafton@redhat.com>
|
||||||
|
|
Loading…
Reference in New Issue