diff --git a/tcp_wrappers-7.6-relro.patch b/tcp_wrappers-7.6-relro.patch new file mode 100644 index 0000000..a892540 --- /dev/null +++ b/tcp_wrappers-7.6-relro.patch @@ -0,0 +1,12 @@ +diff -up tcp_wrappers_7.6/Makefile.relro tcp_wrappers_7.6/Makefile +--- tcp_wrappers_7.6/Makefile.relro 2011-08-10 03:33:25.457892277 +0200 ++++ tcp_wrappers_7.6/Makefile 2011-08-10 03:33:39.565892352 +0200 +@@ -726,7 +726,7 @@ $(LIB): $(LIB_OBJ) + -$(RANLIB) $(LIB) + + $(SHLIB): $(LIB_OBJ) +- gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \ ++ gcc -shared -fPIC -Wl,-z,relro -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \ + -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS) + ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR) + ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB) diff --git a/tcp_wrappers.spec b/tcp_wrappers.spec index 9574d79..e8195bf 100644 --- a/tcp_wrappers.spec +++ b/tcp_wrappers.spec @@ -1,7 +1,7 @@ Summary: A security tool which acts as a wrapper for TCP daemons Name: tcp_wrappers Version: 7.6 -Release: 64%{?dist} +Release: 65%{?dist} %define LIB_MAJOR 0 %define LIB_MINOR 7 @@ -36,6 +36,7 @@ Patch21: tcp_wrappers-7.6-196326.patch Patch22: tcp_wrappers_7.6-249430.patch Patch23: tcp_wrappers-7.6-inetdconf.patch Patch24: tcp_wrappers-7.6-bug698464.patch +Patch25: tcp_wrappers-7.6-relro.patch # required by sin_scope_id in ipv6 patch BuildRequires: glibc-devel >= 2.2 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -94,6 +95,7 @@ develop applications with tcp_wrappers support. %patch22 -p1 -b .249430 %patch23 -p1 -b .inetdconf %patch24 -p1 -b .698464 +%patch25 -p1 -b .relro %build make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux @@ -151,6 +153,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man3/* %changelog +* Wed Aug 10 2011 Jan F. Chadima - 7.6-65 +- Add partial relro support for libraries + * Tue May 24 2011 Jan F. Chadima - 7.6-64 - Improve the support for IPv4 /prefix notation (#698464)