From e04bd964a3b2989a6001e02d36428f317ba6803b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 13 Jan 2014 12:45:57 -0700 Subject: [PATCH] Update libtool hardening hack and re-enable (#978949) --- ...-config-9.1.0-libtool-hardened-build.patch | 45 ++++++++++--------- redhat-rpm-config.spec | 7 ++- 2 files changed, 30 insertions(+), 22 deletions(-) diff --git a/redhat-rpm-config-9.1.0-libtool-hardened-build.patch b/redhat-rpm-config-9.1.0-libtool-hardened-build.patch index 03e85b3..28c77c6 100644 --- a/redhat-rpm-config-9.1.0-libtool-hardened-build.patch +++ b/redhat-rpm-config-9.1.0-libtool-hardened-build.patch @@ -1,25 +1,30 @@ ---- redhat-rpm-config-9.1.0.orig/macros -+++ redhat-rpm-config-9.1.0/macros -@@ -28,7 +28,7 @@ +diff -Nur redhat-rpm-config-9.1.0.orig/macros redhat-rpm-config-9.1.0/macros +--- redhat-rpm-config-9.1.0.orig/macros 2014-01-12 11:24:18.866139925 -0700 ++++ redhat-rpm-config-9.1.0/macros 2014-01-12 11:26:28.182832378 -0700 +@@ -29,6 +29,7 @@ + #============================================================================== # ---- configure and makeinstall. # ++%_configure_libtool_hardening_hack 1 %_configure ./configure --%configure \ -+%configure(--:-:ChnqV) \ + %configure \ CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS ; \ - CXXFLAGS="${CXXFLAGS:-%optflags}" ; export CXXFLAGS ; \ - FFLAGS="${FFLAGS:-%optflags -I%_fmoddir}" ; export FFLAGS ; \ -@@ -52,7 +52,12 @@ - --localstatedir=%{_localstatedir} \\\ - --sharedstatedir=%{_sharedstatedir} \\\ - --mandir=%{_mandir} \\\ -- --infodir=%{_infodir} -+ --infodir=%{_infodir} \\\ -+ %{**} ; \ -+ [[ -f ./libtool && "x%{?%_hardened_ldflags}" != "x" ]] && \\\ -+ sed -i \\\ -+ -e 's! \\\\\\$compiler_flags !&%{?%_hardened_ldflags} !g' \\\ -+ ./libtool ; +@@ -39,6 +40,10 @@ + for i in $(find . -name config.guess -o -name config.sub) ; do \ + [ -f /usr/lib/rpm/redhat/$(basename $i) ] && %{__rm} -f $i && %{__cp} -fv /usr/lib/rpm/redhat/$(basename $i) $i ; \ + done ; \ ++ [ "%_configure_libtool_hardening_hack" = 1 ] && [ x != "x%{_hardened_ldflags}" ] && \ ++ for i in $(find . -name ltmain.sh) ; do \ ++ %{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i \ ++ done ; \ + %{_configure} --build=%{_build} --host=%{_host} \\\ + --program-prefix=%{?_program_prefix} \\\ + --disable-dependency-tracking \\\ +@@ -174,6 +179,7 @@ + %__find_requires /usr/lib/rpm/redhat/find-requires - %makeinstall \ - %{__make} \\\ + %_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 ++# we don't escape symbols '~', '"', etc. so be careful when changing this + %_hardening_ldflags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld + + #_hardened_build 0 diff --git a/redhat-rpm-config.spec b/redhat-rpm-config.spec index b722db5..2efda02 100644 --- a/redhat-rpm-config.spec +++ b/redhat-rpm-config.spec @@ -1,7 +1,7 @@ Summary: Red Hat specific rpm configuration files Name: redhat-rpm-config Version: 9.1.0 -Release: 55%{?dist} +Release: 56%{?dist} # No version specified. License: GPL+ Group: Development/System @@ -110,7 +110,7 @@ Red Hat specific rpm configuration files. %patch22 -p1 %patch23 -p1 %patch24 -p1 -#%patch25 -p1 +%patch25 -p1 # Only make docs change in Fedora 20+ %if 0%{?fedora} >= 20 %patch26 -p1 @@ -137,6 +137,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sysconfdir}/rpm/* %changelog +* Sun Jan 12 2014 Kevin Fenzi 9.1.0-56 +- Update libtool hardening hack and re-enable (#978949) + * Wed Dec 18 2013 Dhiru Kholia - 9.1.0-55 - Enable "-Werror=format-security" by default (#1043495)