Make the daemon a PIE executable
This commit is contained in:
Matthias Clasen
parent
dd7f53f572
commit
726498e2d4
87
dbus-pie.patch
Normal file
87
dbus-pie.patch
Normal file
@ -0,0 +1,87 @@
|
||||
From: John (J5) Palmieri <johnp@redhat.com>
|
||||
Date: Wed, 3 Oct 2007 19:21:57 +0000 (-0400)
|
||||
Subject: Correctly implement -fPIC and -fPIE
|
||||
X-Git-Url: http://gitweb.freedesktop.org/?p=dbus/dbus.git;a=commitdiff;h=8a92100bbed2ba5cb16a1ede36214fa7d2f43e43
|
||||
|
||||
Correctly implement -fPIC and -fPIE
|
||||
|
||||
* For security reasons we want possition independent code for libraries
|
||||
and possition independent executable for executables
|
||||
* before we were just enabling -fPIC
|
||||
* now we correctly enable -fPIC and -PIE for libdbus and the bus respectively
|
||||
* propper LD_FLAGS are set for each also
|
||||
---
|
||||
|
||||
--- a/bus/Makefile.am
|
||||
+++ b/bus/Makefile.am
|
||||
@@ -1,7 +1,7 @@
|
||||
|
||||
configdir=$(sysconfdir)/dbus-1
|
||||
|
||||
-INCLUDES=-I$(top_srcdir) $(DBUS_BUS_CFLAGS) \
|
||||
+INCLUDES=-I$(top_srcdir) $(DBUS_BUS_CFLAGS) @PIE_CFLAGS@ \
|
||||
-DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \
|
||||
-DDAEMON_NAME=\"dbus-daemon\" -DDBUS_COMPILATION
|
||||
|
||||
@@ -77,7 +77,7 @@ dbus_daemon_LDADD= \
|
||||
$(DBUS_BUS_LIBS) \
|
||||
$(top_builddir)/dbus/libdbus-convenience.la
|
||||
|
||||
-dbus_daemon_LDFLAGS=@R_DYNAMIC_LDFLAG@ @SECTION_LDFLAGS@
|
||||
+dbus_daemon_LDFLAGS=@R_DYNAMIC_LDFLAG@ @SECTION_LDFLAGS@ @PIE_LDFLAGS@
|
||||
|
||||
LAUNCH_HELPER_SOURCES= \
|
||||
$(XML_SOURCES) \
|
||||
--- a/configure.in
|
||||
+++ b/configure.in
|
||||
@@ -211,7 +211,17 @@ if test "x$GCC" = "xyes"; then
|
||||
case " $CFLAGS " in
|
||||
*[\ \ ]-fPIC[\ \ ]*) ;;
|
||||
*) if cc_supports_flag -fPIC; then
|
||||
- CFLAGS="$CFLAGS -fPIC"
|
||||
+ PIC_CFLAGS="-fPIC"
|
||||
+ PIC_LDFLAGS="-Wl,-z,relro"
|
||||
+ fi
|
||||
+ ;;
|
||||
+ esac
|
||||
+
|
||||
+ case " $CFLAGS " in
|
||||
+ *[\ \ ]-fPIE[\ \ ]*) ;;
|
||||
+ *) if cc_supports_flag -fPIE; then
|
||||
+ PIE_CFLAGS="-fPIE"
|
||||
+ PIE_LDFLAGS="-pie -Wl,-z,relro"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
@@ -257,6 +267,11 @@ else
|
||||
fi
|
||||
fi
|
||||
|
||||
+AC_SUBST(PIC_CFLAGS)
|
||||
+AC_SUBST(PIC_LDFLAGS)
|
||||
+AC_SUBST(PIE_CFLAGS)
|
||||
+AC_SUBST(PIE_LDFLAGS)
|
||||
+
|
||||
# Check for -Wl,--gc-sections
|
||||
AC_MSG_CHECKING([for ld that supports "-Wl,--gc-sections"])
|
||||
AC_TRY_LINK([
|
||||
--- a/dbus/Makefile.am
|
||||
+++ b/dbus/Makefile.am
|
||||
@@ -1,7 +1,7 @@
|
||||
|
||||
configdir=$(sysconfdir)/dbus-1
|
||||
|
||||
-INCLUDES=-I$(top_builddir) -I$(top_srcdir) $(DBUS_CLIENT_CFLAGS) -DDBUS_COMPILATION \
|
||||
+INCLUDES=-I$(top_builddir) -I$(top_srcdir) $(DBUS_CLIENT_CFLAGS) @PIC_CFLAGS@ -DDBUS_COMPILATION \
|
||||
-DDBUS_MACHINE_UUID_FILE=\""$(localstatedir)/lib/dbus/machine-id"\" \
|
||||
-DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \
|
||||
-DDBUS_SESSION_CONFIG_FILE=\""$(configdir)/session.conf"\"
|
||||
@@ -173,7 +173,7 @@ noinst_LTLIBRARIES=libdbus-convenience.l
|
||||
libdbus_1_la_LIBADD= $(DBUS_CLIENT_LIBS)
|
||||
## don't export symbols that start with "_" (we use this
|
||||
## convention for internal symbols)
|
||||
-libdbus_1_la_LDFLAGS= -export-symbols-regex "^[^_].*" -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -no-undefined @R_DYNAMIC_LDFLAG@
|
||||
+libdbus_1_la_LDFLAGS= -export-symbols-regex "^[^_].*" -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -no-undefined @R_DYNAMIC_LDFLAG@ @PIC_LDFLAGS@
|
||||
|
||||
libdbus_convenience_la_LDFLAGS=@R_DYNAMIC_LDFLAG@
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
Summary: D-BUS message bus
|
||||
Name: dbus
|
||||
Version: 1.1.2
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
URL: http://www.freedesktop.org/software/dbus/
|
||||
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
|
||||
Source1: doxygen_to_devhelp.xsl
|
||||
@ -41,6 +41,8 @@ Patch2: dbus-1.0.2-lsb.patch
|
||||
Patch3: dbus-1.1.2-audit-user.patch
|
||||
# https://bugs.freedesktop.org/show_bug.cgi?id=12430
|
||||
Patch4: dbus-1.1.2-no-abort.patch
|
||||
# from upstream git
|
||||
Patch5: dbus-pie.patch
|
||||
|
||||
%description
|
||||
|
||||
@ -85,6 +87,7 @@ in this separate package so server systems need not install X.
|
||||
%patch2 -p1 -b .lsb
|
||||
%patch3 -p1 -b .audit-user
|
||||
%patch4 -p1 -b .abort
|
||||
%patch5 -p1 -b .pie
|
||||
|
||||
autoreconf -f -i
|
||||
|
||||
@ -204,6 +207,9 @@ fi
|
||||
%{_datadir}/devhelp/books/dbus
|
||||
|
||||
%changelog
|
||||
* Thu Oct 4 2007 Matthias Clasen <mclasen@redhat.com> - 1.1.2-7
|
||||
- Make the daemon a PIE executable (#210039)
|
||||
|
||||
* Fri Sep 14 2007 Bill Nottingham <notting@redhat.com> - 1.1.2-6%{?dist}
|
||||
- fix daemon abort when SELinux denies passing on a message (#283231)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user