From 75a86a6d6d5daed5f653a61364c13ddbf00cb918 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Thu, 8 Mar 2018 10:34:40 +0100
Subject: [PATCH] Properly inject LDFLAGS and handle hardening system-wide (#1548669)
---
 tcp_wrappers-7.6-ldflags.patch | 14 ++++++++++----
 tcp_wrappers-7.6-relro.patch | 12 ------------
 tcp_wrappers.spec | 6 ++----
 3 files changed, 12 insertions(+), 20 deletions(-)
 delete mode 100644 tcp_wrappers-7.6-relro.patch
diff --git a/tcp_wrappers-7.6-ldflags.patch b/tcp_wrappers-7.6-ldflags.patch
index 5d676f8..9af2a8a 100644
--- a/tcp_wrappers-7.6-ldflags.patch
+++ b/tcp_wrappers-7.6-ldflags.patch
@@ -1,7 +1,13 @@
-diff -up tcp_wrappers_7.6/Makefile.patch14 tcp_wrappers_7.6/Makefile
---- tcp_wrappers_7.6/Makefile.patch14 2008-08-29 09:45:12.000000000 +0200
-+++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
-@@ -732,26 +732,26 @@ $(SHLIB): $(LIB_OBJ)
+diff -up tcp_wrappers_7.6-ipv6.4/Makefile.cflags tcp_wrappers_7.6-ipv6.4/Makefile
+--- tcp_wrappers_7.6-ipv6.4/Makefile.cflags 2018-03-08 09:59:29.854718081 +0100
++++ tcp_wrappers_7.6-ipv6.4/Makefile 2018-03-08 09:59:49.282840150 +0100
+@@ -741,31 +741,31 @@ $(LIB): $(LIB_OBJ)
+
+ $(SHLIB): $(LIB_OBJ)
+ gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
+- -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
++ -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LDFLAGS) $(LIBS)
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
 ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
 tcpd: tcpd.o $(LIB)
diff --git a/tcp_wrappers-7.6-relro.patch b/tcp_wrappers-7.6-relro.patch
deleted file mode 100644
index a892540..0000000
--- a/tcp_wrappers-7.6-relro.patch
+++ /dev/null
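Review bot: With `$(LDFLAGS)` added to the `$(SHLIB)` link line and the relro patch deleted in the same commit, the shared library's RELRO now comes only from whatever the caller passes in LDFLAGS; the rule itself no longer carries `-Wl,-z,relro`. A build that runs this Makefile with LDFLAGS unset would link `$(SHLIB)` with the toolchain defaults and nothing would flag it. The rule also still hard-codes `gcc`, so the link step ignores a compiler override; `$(CC) -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \` would keep compile and link on the same toolchain, assuming CC is set appropriately for this Makefile. The inner hunk header (`-741,31 +741,31`) covers more of the Makefile than is shown here, so the remaining link rules cannot be checked from this hunk.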
@@ -1,12 +0,0 @@
-diff -up tcp_wrappers_7.6/Makefile.relro tcp_wrappers_7.6/Makefile
---- tcp_wrappers_7.6/Makefile.relro 2011-08-10 03:33:25.457892277 +0200
-+++ tcp_wrappers_7.6/Makefile 2011-08-10 03:33:39.565892352 +0200
-@@ -726,7 +726,7 @@ $(LIB): $(LIB_OBJ)
- -$(RANLIB) $(LIB)
-
- $(SHLIB): $(LIB_OBJ)
-- gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
-+ gcc -shared -fPIC -Wl,-z,relro -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
- -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
- ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
- ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
diff --git a/tcp_wrappers.spec b/tcp_wrappers.spec
index be4d613..5621e70 100644
--- a/tcp_wrappers.spec
+++ b/tcp_wrappers.spec
@@ -33,7 +33,6 @@ Patch21: tcp_wrappers-7.6-196326.patch
 Patch22: tcp_wrappers_7.6-249430.patch
 Patch23: tcp_wrappers-7.6-inetdconf.patch
 Patch24: tcp_wrappers-7.6-bug698464.patch
-Patch25: tcp_wrappers-7.6-relro.patch
 Patch26: tcp_wrappers-7.6-xgets.patch
 Patch27: tcp_wrappers-7.6-initgroups.patch
 Patch28: tcp_wrappers-7.6-warnings.patch
@@ -78,7 +77,7 @@ tcp_wrappers-libs contains the libraries of the tcp_wrappers package.
 %patch9 -p1 -b .usagi-ipv6
 %patch11 -p1 -b .shared
 %patch12 -p1 -b .sig
-%patch14 -p1 -b .cflags
+%patch14 -p1 -b .ldflags
 %patch15 -p1 -b .fix_sig
 %patch16 -p1 -b .162412
 %patch17 -p1 -b .220015
@@ -88,7 +87,6 @@ tcp_wrappers-libs contains the libraries of the tcp_wrappers package.
 %patch22 -p1 -b .249430
 %patch23 -p1 -b .inetdconf
 %patch24 -p1 -b .698464
-%patch25 -p1 -b .relro
 %patch26 -p1 -b .xgets
 %patch27 -p1 -b .initgroups
 %patch29 -p1 -b .uchart_fix
@@ -99,7 +97,7 @@ tcp_wrappers-libs contains the libraries of the tcp_wrappers package.
 %build
 make \
 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR -DACLEXEC" \
-LDFLAGS="-pie -z relro -z now" \
+LDFLAGS="$RPM_LD_FLAGS" \
 MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux %{?_smp_mflags}
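Review bot: `LDFLAGS="$RPM_LD_FLAGS"` in the `%build` make call drops the explicit `-pie -z relro -z now`, so PIE and immediate binding for the built binaries now exist only when the build root's RPM_LD_FLAGS carries them. If that variable is empty, or the distribution's hardened-build macros are switched off, make receives an empty LDFLAGS and the package still builds without any warning. Whether the spec enables hardening elsewhere is not visible in this hunk. A comment above the make call, such as `# PIE/RELRO/BIND_NOW come from RPM_LD_FLAGS (hardened build must stay enabled)`, would record the dependency. A `%check` step that runs `readelf -d` on the built binaries and fails when `BIND_NOW` is missing would catch a silent regression.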