rpms/dbus
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Make the daemon a PIE executable

Browse Source
This commit is contained in:
Matthias Clasen 2007-10-05 02:39:26 +00:00
parent dd7f53f572
commit 726498e2d4
2 changed files with 94 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
dbus-pie.patch Normal file
View File

@ -0,0 +1,87 @@
From: John (J5) Palmieri <johnp@redhat.com>
Date: Wed, 3 Oct 2007 19:21:57 +0000 (-0400)
Subject: Correctly implement -fPIC and -fPIE
X-Git-Url: http://gitweb.freedesktop.org/?p=dbus/dbus.git;a=commitdiff;h=8a92100bbed2ba5cb16a1ede36214fa7d2f43e43
Correctly implement -fPIC and -fPIE
* For security reasons we want possition independent code for libraries
and possition independent executable for executables
* before we were just enabling -fPIC
* now we correctly enable -fPIC and -PIE for libdbus and the bus respectively
* propper LD_FLAGS are set for each also
---
--- a/bus/Makefile.am
+++ b/bus/Makefile.am
@@ -1,7 +1,7 @@
configdir=$(sysconfdir)/dbus-1
-INCLUDES=-I$(top_srcdir) $(DBUS_BUS_CFLAGS) \
+INCLUDES=-I$(top_srcdir) $(DBUS_BUS_CFLAGS) @PIE_CFLAGS@ \
-DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \
-DDAEMON_NAME=\"dbus-daemon\" -DDBUS_COMPILATION
@@ -77,7 +77,7 @@ dbus_daemon_LDADD= \
$(DBUS_BUS_LIBS) \
$(top_builddir)/dbus/libdbus-convenience.la
-dbus_daemon_LDFLAGS=@R_DYNAMIC_LDFLAG@ @SECTION_LDFLAGS@
+dbus_daemon_LDFLAGS=@R_DYNAMIC_LDFLAG@ @SECTION_LDFLAGS@ @PIE_LDFLAGS@
LAUNCH_HELPER_SOURCES= \
$(XML_SOURCES) \
--- a/configure.in
+++ b/configure.in
@@ -211,7 +211,17 @@ if test "x$GCC" = "xyes"; then
case " $CFLAGS " in
*[\ \ ]-fPIC[\ \ ]*) ;;
*) if cc_supports_flag -fPIC; then
- CFLAGS="$CFLAGS -fPIC"
+ PIC_CFLAGS="-fPIC"
+ PIC_LDFLAGS="-Wl,-z,relro"
+ fi
+ ;;
+ esac
+
+ case " $CFLAGS " in
+ *[\ \ ]-fPIE[\ \ ]*) ;;
+ *) if cc_supports_flag -fPIE; then
+ PIE_CFLAGS="-fPIE"
+ PIE_LDFLAGS="-pie -Wl,-z,relro"
fi
;;
esac
@@ -257,6 +267,11 @@ else
fi
fi
+AC_SUBST(PIC_CFLAGS)
+AC_SUBST(PIC_LDFLAGS)
+AC_SUBST(PIE_CFLAGS)
+AC_SUBST(PIE_LDFLAGS)
+
# Check for -Wl,--gc-sections
AC_MSG_CHECKING([for ld that supports "-Wl,--gc-sections"])
AC_TRY_LINK([
--- a/dbus/Makefile.am
+++ b/dbus/Makefile.am
@@ -1,7 +1,7 @@
configdir=$(sysconfdir)/dbus-1
-INCLUDES=-I$(top_builddir) -I$(top_srcdir) $(DBUS_CLIENT_CFLAGS) -DDBUS_COMPILATION \
+INCLUDES=-I$(top_builddir) -I$(top_srcdir) $(DBUS_CLIENT_CFLAGS) @PIC_CFLAGS@ -DDBUS_COMPILATION \
-DDBUS_MACHINE_UUID_FILE=\""$(localstatedir)/lib/dbus/machine-id"\" \
-DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \
-DDBUS_SESSION_CONFIG_FILE=\""$(configdir)/session.conf"\"
@@ -173,7 +173,7 @@ noinst_LTLIBRARIES=libdbus-convenience.l
libdbus_1_la_LIBADD= $(DBUS_CLIENT_LIBS)
## don't export symbols that start with "_" (we use this
## convention for internal symbols)
-libdbus_1_la_LDFLAGS= -export-symbols-regex "^[^_].*" -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -no-undefined @R_DYNAMIC_LDFLAG@
+libdbus_1_la_LDFLAGS= -export-symbols-regex "^[^_].*" -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -no-undefined @R_DYNAMIC_LDFLAG@ @PIC_LDFLAGS@
libdbus_convenience_la_LDFLAGS=@R_DYNAMIC_LDFLAG@

8
dbus.spec
View File

@ -8,7 +8,7 @@
Summary: D-BUS message bus Summary: D-BUS message bus
Name: dbus Name: dbus
Version: 1.1.2 Version: 1.1.2
Release: 6%{?dist} Release: 7%{?dist}
URL: http://www.freedesktop.org/software/dbus/ URL: http://www.freedesktop.org/software/dbus/
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
Source1: doxygen_to_devhelp.xsl Source1: doxygen_to_devhelp.xsl
@ -41,6 +41,8 @@ Patch2: dbus-1.0.2-lsb.patch
Patch3: dbus-1.1.2-audit-user.patch Patch3: dbus-1.1.2-audit-user.patch
# https://bugs.freedesktop.org/show_bug.cgi?id=12430 # https://bugs.freedesktop.org/show_bug.cgi?id=12430
Patch4: dbus-1.1.2-no-abort.patch Patch4: dbus-1.1.2-no-abort.patch
# from upstream git
Patch5: dbus-pie.patch
%description %description
@ -85,6 +87,7 @@ in this separate package so server systems need not install X.
%patch2 -p1 -b .lsb %patch2 -p1 -b .lsb
%patch3 -p1 -b .audit-user %patch3 -p1 -b .audit-user
%patch4 -p1 -b .abort %patch4 -p1 -b .abort
%patch5 -p1 -b .pie
autoreconf -f -i autoreconf -f -i
@ -204,6 +207,9 @@ fi
%{_datadir}/devhelp/books/dbus %{_datadir}/devhelp/books/dbus
%changelog %changelog
* Thu Oct 4 2007 Matthias Clasen <mclasen@redhat.com> - 1.1.2-7
- Make the daemon a PIE executable (#210039)
* Fri Sep 14 2007 Bill Nottingham <notting@redhat.com> - 1.1.2-6%{?dist} * Fri Sep 14 2007 Bill Nottingham <notting@redhat.com> - 1.1.2-6%{?dist}
- fix daemon abort when SELinux denies passing on a message (#283231) - fix daemon abort when SELinux denies passing on a message (#283231)