rpms/cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

2022365 - Annocheck fails due incorrect flags during compilation/linking

Browse Source 
Resolves: rhbz#2022365
This commit is contained in:
Zdenek Dohnal 2021-11-12 08:48:27 +01:00
parent 668a6fd4d4
commit d3e0a6390d
2 changed files with 61 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
cups-fstack-strong.patch Normal file
View File

@ -0,0 +1,49 @@
diff --git a/config-scripts/cups-compiler.m4 b/config-scripts/cups-compiler.m4
index 733b06c..bb770f0 100644
--- a/config-scripts/cups-compiler.m4
+++ b/config-scripts/cups-compiler.m4
@@ -123,21 +123,35 @@ if test -n "$GCC"; then
OPTIM="-fPIC $OPTIM"
fi
- # The -fstack-protector option is available with some versions of
- # GCC and adds "stack canaries" which detect when the return address
- # has been overwritten, preventing many types of exploit attacks.
- AC_MSG_CHECKING(whether compiler supports -fstack-protector)
+ # The -fstack-protector-strong and -fstack-protector options are available
+ # with some versions of# GCC and adds "stack canaries" which detect
+ # when the return address has been overwritten, preventing many types of exploit attacks.
+ # First check for -fstack-protector-strong, then for -fstack-protector...
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector-strong])
OLDCFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -fstack-protector"
- AC_TRY_LINK(,,
+ CFLAGS="$CFLAGS -fstack-protector-strong"
+ AC_TRY_LINK(,,[
if test "x$LSB_BUILD" = xy; then
# Can't use stack-protector with LSB binaries...
OPTIM="$OPTIM -fno-stack-protector"
else
- OPTIM="$OPTIM -fstack-protector"
+ OPTIM="$OPTIM -fstack-protector-strong"
fi
- AC_MSG_RESULT(yes),
- AC_MSG_RESULT(no))
+ AC_MSG_RESULT(yes)
+ ], [
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector])
+ CFLAGS="$OLDCFLAGS -fstack-protector"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()], [
+ AS_IF([test "x$LSB_BUILD" = xy], [
+ # Can't use stack-protector with LSB binaries...
+ OPTIM="$OPTIM -fno-stack-protector"
+ ], [
+ OPTIM="$OPTIM -fstack-protector"
+ ])
+ ], [
+ AC_MSG_RESULT([no])
+ ])
+ ])
CFLAGS="$OLDCFLAGS"
if test "x$LSB_BUILD" != xy; then

15
cups.spec
View File

@ -17,7 +17,7 @@ Summary: CUPS printing system
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.3.3%{OP_VER} Version: 2.3.3%{OP_VER}
Release: 9%{?dist} Release: 10%{?dist}
License: ASL 2.0 License: ASL 2.0
Url: http://www.cups.org/ Url: http://www.cups.org/
# Apple stopped uploading the new versions into github, use OpenPrinting fork # Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -84,6 +84,8 @@ Patch18: 0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch
Patch19: 0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch Patch19: 0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch
# 2006713 - Trying to restart and hold a job doesn't work # 2006713 - Trying to restart and hold a job doesn't work
Patch20: cups-restart-job-hold-until.patch Patch20: cups-restart-job-hold-until.patch
# 2022365 - Annocheck fails due incorrect flags during compilation/linking
Patch21: cups-fstack-strong.patch
##### Patches removed because IMHO they aren't no longer needed ##### Patches removed because IMHO they aren't no longer needed
##### but still I'll leave them in git in case their removal ##### but still I'll leave them in git in case their removal
@ -299,6 +301,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
%patch19 -p1 -b .banner-rawfiles %patch19 -p1 -b .banner-rawfiles
# 2006713 - Trying to restart and hold a job doesn't work # 2006713 - Trying to restart and hold a job doesn't work
%patch20 -p1 -b .restart-hold-job %patch20 -p1 -b .restart-hold-job
# 2022365 - Annocheck fails due incorrect flags during compilation/linking
%patch21 -p1 -b .fstack-strong
%if %{lspp} %if %{lspp}
@ -324,8 +328,10 @@ autoconf -f -I config-scripts
export CC=%{__cc} export CC=%{__cc}
export CXX=%{__cxx} export CXX=%{__cxx}
# add Fedora specific flags to DSOFLAGS # add Fedora specific flags to DSOFLAGS
export DSOFLAGS="$DSOFLAGS -L../cgi-bin -L../filter -L../ppdc -L../scheduler -Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,relro,-z,now -fPIE -pie" export DSOFLAGS="$DSOFLAGS $RPM_LD_FLAGS"
export CFLAGS="$RPM_OPT_FLAGS -fstack-protector-all -DLDAP_DEPRECATED=1" export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -DLDAP_DEPRECATED=1"
export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DLDAP_DEPRECATED=1"
export LDFLAGS="$LDFLAGS $RPM_LD_FLAGS -Wall -fstack-clash-protection -D_FORTIFY_SOURCE=2"
# --enable-debug to avoid stripping binaries # --enable-debug to avoid stripping binaries
%configure --with-docdir=%{_datadir}/%{name}/www --enable-debug \ %configure --with-docdir=%{_datadir}/%{name}/www --enable-debug \
%if %{lspp} %if %{lspp}
@ -696,6 +702,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man7/ippeveps.7.gz %{_mandir}/man7/ippeveps.7.gz
%changelog %changelog
* Fri Nov 12 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-10
- 2022365 - Annocheck fails due incorrect flags during compilation/linking
* Wed Nov 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-9 * Wed Nov 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-9
- 2018948 - Unauthenticated users can't move print jobs in Web UI - 2018948 - Unauthenticated users can't move print jobs in Web UI
- 1999955 - Printing of banner before PCL file only prints banner - 1999955 - Printing of banner before PCL file only prints banner