Added hardening macros
parent
0bb402fd3e
commit
e545c82e76
3 changed files with 56 additions and 1 deletions
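--- a/rpm-5.4.10-cpu-os-macros-hardening.patch
+++ b/rpm-5.4.10-cpu-os-macros-hardening.patch
@@ -0,0 +1,36 @@
+diff -Naur cpu-os-macros.orig/i586-linux/macros cpu-os-macros/i586-linux/macros
+--- cpu-os-macros.orig/i586-linux/macros 2014-05-22 13:49:34.309259552 +0400
++++ cpu-os-macros/i586-linux/macros 2014-05-22 14:41:56.000000000 +0400
+@@ -6,7 +6,7 @@
+%_arch i386
+%_os linux
+%_gnu -gnu
+-%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fomit-frame-pointer -mtune=generic}%{!?__common_cflags_with_ssp:-O2 -g -m32} -march=i586 -fasynchronous-unwind-tables
++%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fPIE -pie -fpie -Wformat-security -fomit-frame-pointer -mtune=generic}%{!?__common_cflags_with_ssp:-O2 -g -m32} -march=i586 -fasynchronous-unwind-tables
+
+#==============================================================================
+# ---- configure macros.
+diff -Naur cpu-os-macros.orig/i686-linux/macros cpu-os-macros/i686-linux/macros
+--- cpu-os-macros.orig/i686-linux/macros 2014-05-22 13:49:34.309259552 +0400
++++ cpu-os-macros/i686-linux/macros 2014-05-22 14:41:48.000000000 +0400
+@@ -6,7 +6,7 @@
+%_arch i386
+%_os linux
+%_gnu -gnu
+-%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fomit-frame-pointer}%{!?__common_cflags_with_ssp:-O2 -g -m32 -mtune=generic} -march=i686 -fasynchronous-unwind-tables
++%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fomit-frame-pointer -fPIE -pie -fpie -Wformat-security}%{!?__common_cflags_with_ssp:-O2 -g -m32 -mtune=generic} -march=i686 -fasynchronous-unwind-tables
+
+#==============================================================================
+# ---- configure macros.
+diff -Naur cpu-os-macros.orig/x86_64-linux/macros cpu-os-macros/x86_64-linux/macros
+--- cpu-os-macros.orig/x86_64-linux/macros 2014-05-22 13:49:34.310259552 +0400
++++ cpu-os-macros/x86_64-linux/macros 2014-05-22 14:44:09.314521435 +0400
+@@ -6,7 +6,7 @@
+%_arch x86_64
+%_os linux
+%_gnu -gnu
+-%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fPIC}%{!?__common_cflags_with_ssp:-O2 -g -m64 -mtune=generic}
++%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fPIE -pie -fpie -Wformat-security -fPIC}%{!?__common_cflags_with_ssp:-O2 -g -m64 -mtune=generic}
+
+#==============================================================================
+# ---- configure macros.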
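Review bot: `-pie` is a link-time option, yet all three new `%optflags` lines put it in the compile flags, where it also reaches links that are not executables (shared libraries, for instance). No opt-out is offered, unlike the `_disable_ld_*` switches on `%ldflags` in macros/mandriva.in; moving it there behind a switch of the same shape would fit better. The new flags also sit only inside the `%{?__common_cflags_with_ssp:...}` branch, so the fallback branch (`-O2 -g -m32` / `-O2 -g -m64 -mtune=generic`) builds without any of them. `-fPIE` followed by `-fpie` is redundant because the later option normally wins, and on x86_64 the trailing `-fPIC` would override both. GCC ignores `-Wformat-security` unless `-Wformat` is active, which cannot be confirmed here because the contents of `__common_cflags_with_ssp` are not shown; writing `-Wformat -Wformat-security` would make the check independent of that.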
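--- a/rpm-5.4.10-hardening.patch
+++ b/rpm-5.4.10-hardening.patch
@@ -0,0 +1,12 @@
+diff -Naur rpm-5.4.10.orig/macros/mandriva.in rpm-5.4.10/macros/mandriva.in
+--- rpm-5.4.10.orig/macros/mandriva.in 2014-05-22 14:47:17.000000000 +0400
++++ rpm-5.4.10/macros/mandriva.in 2014-05-22 15:03:31.704614385 +0400
+@@ -352,7 +352,7 @@
+
+%__libtoolize_configure %{?__libtoolize:(cd $CONFIGURE_TOP; [ ! -f configure.in -a ! -f configure.ac ] || %{__libtoolize} --copy --force)}
+
+-%ldflags %{?!_disable_ld_as_needed: -Wl,--as-needed}%{?!_disable_ld_no_undefined: -Wl,--no-undefined}%{?!_disable_ld_relro: -Wl,-z,relro}%{?!_disable_ld_O1: -Wl,-O1}%{?!_disable_ld_build_id: -Wl,--build-id}%{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags}%{?!_disable_hash_style_gnu: -Wl,--hash-style=gnu}%{?_hardened_flags: %_hardened_flags}
++%ldflags %{?!_disable_ld_as_needed: -Wl,--as-needed}%{?!_disable_ld_no_undefined: -Wl,--no-undefined}%{?!_disable_ld_now: -Wl,-z,now}%{?!_disable_ld_relro: -Wl,-z,relro}%{?!_disable_ld_O1: -Wl,-O1}%{?!_disable_ld_build_id: -Wl,--build-id}%{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags}%{?!_disable_hash_style_gnu: -Wl,--hash-style=gnu}%{?_hardened_flags: %_hardened_flags}
+
+%setup_compile_flags \
+CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS ; \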
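Review bot: The new `%{?!_disable_ld_now: -Wl,-z,now}` term in `%ldflags` is undocumented, and packages that rely on lazy binding (plugins loaded with symbols still unresolved, for example) will need the switch to keep working. A comment line above `%ldflags` such as `# -z now together with -z relro gives full RELRO; define _disable_ld_now to opt out` would tell packagers what the flag buys and how to turn it off. Only part of mandriva.in is visible in this hunk, so whether the other `_disable_ld_*` switches are documented elsewhere in the file cannot be confirmed from here.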
9
rpm.spec
9
rpm.spec
|
@ -59,7 +59,7 @@ Summary: The RPM package management system
|
|||
Name: rpm
|
||||
Epoch: 1
|
||||
Version: %{libver}.%{minorver}
|
||||
Release: %{?prereldate:0.%{prereldate}.}28
|
||||
Release: %{?prereldate:0.%{prereldate}.}29
|
||||
License: LGPLv2.1+
|
||||
Group: System/Configuration/Packaging
|
||||
URL: http://rpm5.org/
|
||||
|
@ -476,6 +476,10 @@ Patch505: rpm-5.4.10-turn-back-urlgetfile.patch
|
|||
# (see jbj mails in mailing lists)
|
||||
Patch506: rpm-5.4.10-nodejs-dependency-generator.patch
|
||||
|
||||
# Use -fPIE and other hardening flags in builds by default
|
||||
Patch507: rpm-5.4.10-cpu-os-macros-hardening.patch
|
||||
Patch508: rpm-5.4.10-hardening.patch
|
||||
|
||||
BuildRequires: autoconf >= 2.57
|
||||
BuildRequires: bzip2-devel
|
||||
BuildRequires: automake >= 1.8
|
||||
|
@ -883,6 +887,8 @@ This package contains the RPM API documentation generated in HTML format.
|
|||
%patch504 -p1 -b .postpone_errors~
|
||||
%patch505 -p1 -b .urlgetfile~
|
||||
%patch506 -p1 -b .nodejs~
|
||||
%patch508 -p1 -b .hardening~
|
||||
|
||||
|
||||
#required by P55, P80, P81, P94..
|
||||
./autogen.sh
|
||||
|
@ -890,6 +896,7 @@ This package contains the RPM API documentation generated in HTML format.
|
|||
mkdir -p cpu-os-macros
|
||||
tar -zxf %{SOURCE3} -C cpu-os-macros
|
||||
%patch145 -p1
|
||||
%patch507 -p0 -b .hardening_cpu_os_macros~
|
||||
|
||||
%build
|
||||
%configure2_5x --enable-nls \
|
||||
|
|
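Review bot: The comment above `Patch507` names only `-fPIE`, but `Patch508` also changes the default link flags for every package built with these macros, and neither the comment nor the `%patch508` line says so. A second comment such as `# Patch508: add -Wl,-z,now to %%ldflags (opt out with _disable_ld_now)` would record that. `%patch507` is applied with `-p0` while the neighbouring patches use `-p1`; this looks intentional because the patch paths start at `cpu-os-macros/`, and a short comment on that line (`# paths are relative to the unpacked cpu-os-macros dir, hence -p0`) would save the next maintainer from "fixing" it.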