Link libaesni-intel-samba4.so with -z noexecstack

resolves: #1520163
2017-12-04 11:07:08 +01:00 · 2017-12-04 11:07:08 +01:00 · 94723f8841
parent 83f86d94f0
commit 94723f8841
2 changed files with 43 additions and 1 deletions
--- a/samba-4.7-fix-linking-aesni-intel.patch
+++ b/samba-4.7-fix-linking-aesni-intel.patch
@ -0,0 +1,38 @@
+From 0f6d676a74818fc1a3d59c2238bd3752470fdc40 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
+Date: Mon, 4 Dec 2017 10:49:19 +0100
+Subject: [PATCH] third_party: Link th aesni-intel library with -z noexecstack
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174
+
+Signed-off-by: Björn Baumbach <bb@sernet.de>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ third_party/aesni-intel/wscript | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/third_party/aesni-intel/wscript b/third_party/aesni-intel/wscript
+index eb92d6626fe..f11cf9446a2 100644
+--- a/third_party/aesni-intel/wscript
+++ b/third_party/aesni-intel/wscript
+@@ -12,6 +12,8 @@ def configure(conf):
+                 raise Utils.WafError('--aes-accel=intelaesni selected and non x86_64 CPU')
+         else:
+             raise Utils.WafError('--aes-accel=intelaesni selected and compiler rejects -Wp,-E,-lang-asm')
+        if not conf.CHECK_LDFLAGS('-z noexecstack'):
+            raise Utils.WafError('--aes-accel=intelaesni selected and linker rejects -z noexecstack')
+ 
+ def build(bld):
+     if not bld.CONFIG_SET('HAVE_AESNI_INTEL'):
+@@ -20,4 +22,5 @@ def build(bld):
+     bld.SAMBA_LIBRARY('aesni-intel',
+         source='aesni-intel_asm.c',
+         cflags='-Wp,-E,-lang-asm',
+        ldflags='-z noexecstack',
+         private_library=True)
+-- 
+2.15.0
+
--- a/samba.spec
+++ b/samba.spec
@ -6,7 +6,7 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering

-%define main_release 2
+%define main_release 3

 %define samba_version 4.7.3
 %define talloc_version 2.1.10
@ -117,6 +117,7 @@ Source201: README.downgrade
 Patch0: samba-4.7.0-bind_dlz.patch
 Patch1: samba-4.7.0-support-krb5-1.16.patch
 Patch2: samba-4.7-fix_samba_with_systemd.patch
+Patch3: samba-4.7-fix-linking-aesni-intel.patch

 Requires(pre): /usr/sbin/groupadd
 Requires(post): systemd
@ -3386,6 +3387,9 @@ rm -rf %{buildroot}
 %endif # with_clustering_support

 %changelog
+* Mon Dec 04 2017 Andreas Schneider <asn@redhat.com> - 4.7.3-3
+- resolves: #1520163 - Link libaesni-intel-samba4.so with -z noexecstack
+
 * Thu Nov 30 2017 Andreas Schneider <asn@redhat.com> - 4.7.3-2
 - Fix deamon startup with systemd