2022610 - fix compilation issues reported by annocheck
This commit is contained in:
Zdenek Dohnal
parent
53144ac0a4
commit
2bb84e3551
49
cups-fstack-strong.patch
Normal file
49
cups-fstack-strong.patch
Normal file
@ -0,0 +1,49 @@
|
||||
diff --git a/config-scripts/cups-compiler.m4 b/config-scripts/cups-compiler.m4
|
||||
index 733b06c..bb770f0 100644
|
||||
--- a/config-scripts/cups-compiler.m4
|
||||
+++ b/config-scripts/cups-compiler.m4
|
||||
@@ -123,21 +123,35 @@ if test -n "$GCC"; then
|
||||
OPTIM="-fPIC $OPTIM"
|
||||
fi
|
||||
|
||||
- # The -fstack-protector option is available with some versions of
|
||||
- # GCC and adds "stack canaries" which detect when the return address
|
||||
- # has been overwritten, preventing many types of exploit attacks.
|
||||
- AC_MSG_CHECKING(whether compiler supports -fstack-protector)
|
||||
+ # The -fstack-protector-strong and -fstack-protector options are available
|
||||
+ # with some versions of# GCC and adds "stack canaries" which detect
|
||||
+ # when the return address has been overwritten, preventing many types of exploit attacks.
|
||||
+ # First check for -fstack-protector-strong, then for -fstack-protector...
|
||||
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector-strong])
|
||||
OLDCFLAGS="$CFLAGS"
|
||||
- CFLAGS="$CFLAGS -fstack-protector"
|
||||
- AC_TRY_LINK(,,
|
||||
+ CFLAGS="$CFLAGS -fstack-protector-strong"
|
||||
+ AC_TRY_LINK(,,[
|
||||
if test "x$LSB_BUILD" = xy; then
|
||||
# Can't use stack-protector with LSB binaries...
|
||||
OPTIM="$OPTIM -fno-stack-protector"
|
||||
else
|
||||
- OPTIM="$OPTIM -fstack-protector"
|
||||
+ OPTIM="$OPTIM -fstack-protector-strong"
|
||||
fi
|
||||
- AC_MSG_RESULT(yes),
|
||||
- AC_MSG_RESULT(no))
|
||||
+ AC_MSG_RESULT(yes)
|
||||
+ ], [
|
||||
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector])
|
||||
+ CFLAGS="$OLDCFLAGS -fstack-protector"
|
||||
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()], [
|
||||
+ AS_IF([test "x$LSB_BUILD" = xy], [
|
||||
+ # Can't use stack-protector with LSB binaries...
|
||||
+ OPTIM="$OPTIM -fno-stack-protector"
|
||||
+ ], [
|
||||
+ OPTIM="$OPTIM -fstack-protector"
|
||||
+ ])
|
||||
+ ], [
|
||||
+ AC_MSG_RESULT([no])
|
||||
+ ])
|
||||
+ ])
|
||||
CFLAGS="$OLDCFLAGS"
|
||||
|
||||
if test "x$LSB_BUILD" != xy; then
|
||||
15
cups.spec
15
cups.spec
@ -17,7 +17,7 @@ Summary: CUPS printing system
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.3.3%{OP_VER}
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: ASL 2.0
|
||||
Url: https://openprinting.github.io/cups/
|
||||
# Apple stopped uploading the new versions into github, use OpenPrinting fork
|
||||
@ -95,6 +95,8 @@ Patch22: cups-restart-job-hold-until.patch
|
||||
Patch23: 0001-cups-md5passwd.c-Stub-out-httpMD5-functions.patch
|
||||
# 2019845 - Add more warning messages about drivers going deprecated
|
||||
Patch24: cups-deprecate-drivers-webui.patch
|
||||
# 2022610 - compile with -fstack-protector-strong if available
|
||||
Patch25: cups-fstack-strong.patch
|
||||
|
||||
##### Patches removed because IMHO they aren't no longer needed
|
||||
##### but still I'll leave them in git in case their removal
|
||||
@ -318,6 +320,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
|
||||
%patch23 -p1 -b .no-httpmd5
|
||||
# 2019845 - Add more warning messages about drivers going deprecated
|
||||
%patch24 -p1 -b .deprecated-drivers-webui
|
||||
# 2022610 - compile with fstack-protector-strong if available
|
||||
%patch25 -p1 -b .fstack-strong
|
||||
|
||||
|
||||
%if %{lspp}
|
||||
@ -343,8 +347,10 @@ autoconf -f -I config-scripts
|
||||
export CC=%{__cc}
|
||||
export CXX=%{__cxx}
|
||||
# add Fedora specific flags to DSOFLAGS
|
||||
export DSOFLAGS="$DSOFLAGS -L../cgi-bin -L../filter -L../ppdc -L../scheduler -Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,relro,-z,now -fPIE -pie"
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fstack-protector-all -DLDAP_DEPRECATED=1"
|
||||
export DSOFLAGS="$DSOFLAGS $RPM_LD_FLAGS"
|
||||
export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -DLDAP_DEPRECATED=1"
|
||||
export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DLDAP_DEPRECATED=1"
|
||||
export LDFLAGS="$LDFLAGS $RPM_LD_FLAGS -Wall -fstack-clash-protection -D_FORTIFY_SOURCE=2"
|
||||
# --enable-debug to avoid stripping binaries
|
||||
%configure --with-docdir=%{_datadir}/%{name}/www --enable-debug \
|
||||
%if %{lspp}
|
||||
@ -667,6 +673,9 @@ rm -f %{cups_serverbin}/backend/smb
|
||||
%{_mandir}/man7/ippeveps.7.gz
|
||||
|
||||
%changelog
|
||||
* Fri Nov 12 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-10
|
||||
- 2022610 - fix compilation issues reported by annocheck
|
||||
|
||||
* Thu Nov 04 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-9
|
||||
- stubbed out deprecated httpMD5 functions
|
||||
- 2019845 - Add more warning messages about drivers going deprecated (web ui part)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user