From baeadb7b49fedbc8d79e5dc06adcf95c8be7152e Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Thu, 30 Sep 2010 13:24:39 +0200 Subject: [PATCH] Improve PIE patch (build libraries with -fpic, not with -fpie). Signed-off-by: Adam Tkac --- dhcp-4.2.0-PIE-RELRO.patch | 70 ++++++++++++++++++++++++++++++++++---- dhcp.spec | 16 +++++++-- 2 files changed, 77 insertions(+), 9 deletions(-) diff --git a/dhcp-4.2.0-PIE-RELRO.patch b/dhcp-4.2.0-PIE-RELRO.patch index 5805fd2..23306b8 100644 --- a/dhcp-4.2.0-PIE-RELRO.patch +++ b/dhcp-4.2.0-PIE-RELRO.patch @@ -1,8 +1,24 @@ +diff -up dhcp-4.2.0/bind/Makefile.PIE-RELRO dhcp-4.2.0/bind/Makefile +--- dhcp-4.2.0/bind/Makefile.PIE-RELRO 2010-07-10 05:26:52.000000000 +0200 ++++ dhcp-4.2.0/bind/Makefile 2010-09-30 13:38:45.670019545 +0200 +@@ -45,7 +45,7 @@ all: + # Currently disable the epoll and devpoll options as they don't interact + # well with the DHCP code. + @echo Configuring BIND Export libraries for DHCP. +- @(cd ${bindsrcdir} && ./configure --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib > ${binddir}/configure.log) ++ @(cd ${bindsrcdir} && ./configure --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-libtool --with-pic --disable-shared > ${binddir}/configure.log) + + # Build the export libraries + @echo Building BIND Export libraries - this takes some time. diff -up dhcp-4.2.0/client/Makefile.am.PIE-RELRO dhcp-4.2.0/client/Makefile.am ---- dhcp-4.2.0/client/Makefile.am.PIE-RELRO 2010-09-07 17:22:32.000000000 +0200 -+++ dhcp-4.2.0/client/Makefile.am 2010-09-07 17:23:08.000000000 +0200 -@@ -6,6 +6,8 @@ dhclient_SOURCES = clparse.c dhclient.c +--- dhcp-4.2.0/client/Makefile.am.PIE-RELRO 2010-09-30 13:38:45.630019545 +0200 ++++ dhcp-4.2.0/client/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +@@ -4,15 +4,12 @@ dhclient_SOURCES = clparse.c dhclient.c + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ scripts/solaris scripts/openwrt ++dhclient_CPPFLAGS = -DCLIENT_PATH='"$(sbindir)"' -DLOCALSTATEDIR='"$(localstatedir)"' ++dhclient_CFLAGS = -fpie dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ ../bind/lib/libdns.a ../bind/lib/libisc.a $(CAPNG_LDADD) +dhclient_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now @@ -10,11 +26,46 @@ diff -up dhcp-4.2.0/client/Makefile.am.PIE-RELRO dhcp-4.2.0/client/Makefile.am man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 EXTRA_DIST = $(man_MANS) +-dhclient.o: dhclient.c +- $(COMPILE) -DCLIENT_PATH='"$(sbindir)"' \ +- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c +- +-dhc6.o: dhc6.c +- $(COMPILE) -DCLIENT_PATH='"$(sbindir)"' \ +- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c +diff -up dhcp-4.2.0/common/Makefile.am.PIE-RELRO dhcp-4.2.0/common/Makefile.am +--- dhcp-4.2.0/common/Makefile.am.PIE-RELRO 2009-10-28 05:12:29.000000000 +0100 ++++ dhcp-4.2.0/common/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +@@ -1,4 +1,5 @@ + AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' ++AM_CFLAGS = -fpic + + noinst_LIBRARIES = libdhcp.a + libdhcp_a_SOURCES = alloc.c bpf.c comapi.c conflex.c ctrace.c discover.c \ +diff -up dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO dhcp-4.2.0/omapip/Makefile.am +--- dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO 2010-02-12 01:13:54.000000000 +0100 ++++ dhcp-4.2.0/omapip/Makefile.am 2010-09-30 13:39:06.900022975 +0200 +@@ -1,3 +1,5 @@ ++AM_CFLAGS = -fpic ++ + lib_LIBRARIES = libomapi.a + noinst_PROGRAMS = svtest + +@@ -10,5 +12,6 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = test.c ++svtest_CFLAGS = -fpie + svtest_LDADD = libomapi.a ../bind/lib/libdns.a ../bind/lib/libisc.a + diff -up dhcp-4.2.0/relay/Makefile.am.PIE-RELRO dhcp-4.2.0/relay/Makefile.am --- dhcp-4.2.0/relay/Makefile.am.PIE-RELRO 2009-10-28 05:12:30.000000000 +0100 -+++ dhcp-4.2.0/relay/Makefile.am 2010-09-07 17:23:38.000000000 +0200 -@@ -4,6 +4,8 @@ sbin_PROGRAMS = dhcrelay ++++ dhcp-4.2.0/relay/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +@@ -2,8 +2,11 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst + + sbin_PROGRAMS = dhcrelay dhcrelay_SOURCES = dhcrelay.c ++dhcrelay_CFLAGS = -fpie dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ ../bind/lib/libdns.a ../bind/lib/libisc.a +dhcrelay_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now @@ -24,8 +75,13 @@ diff -up dhcp-4.2.0/relay/Makefile.am.PIE-RELRO dhcp-4.2.0/relay/Makefile.am diff -up dhcp-4.2.0/server/Makefile.am.PIE-RELRO dhcp-4.2.0/server/Makefile.am --- dhcp-4.2.0/server/Makefile.am.PIE-RELRO 2010-03-24 22:49:47.000000000 +0100 -+++ dhcp-4.2.0/server/Makefile.am 2010-09-07 17:24:08.000000000 +0200 -@@ -10,6 +10,7 @@ dhcpd_CFLAGS = $(LDAP_CFLAGS) ++++ dhcp-4.2.0/server/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +@@ -6,10 +6,11 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c + omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \ + dhcpv6.c mdb6.c ldap.c ldap_casa.c + +-dhcpd_CFLAGS = $(LDAP_CFLAGS) ++dhcpd_CFLAGS = $(LDAP_CFLAGS) -fpie dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ ../dhcpctl/libdhcpctl.a ../bind/lib/libdns.a \ ../bind/lib/libisc.a diff --git a/dhcp.spec b/dhcp.spec index e4ba5b7..56cdf4b 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -7,7 +7,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.2.0 -Release: 12%{?dist} +Release: 13%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -254,6 +254,15 @@ libdhcpctl and libomapi static libraries are also included in this package. %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux %{__install} -p -m 0644 %{SOURCE5} . +# Sparc and s390 arches need to use -fPIE/-fPIC +%ifarch sparcv9 sparc64 s390 s390x +for i in {client,relay,server,omapip}/Makefile.am; do + %{__sed} -i 's|fpie|fPIE|g' $i +done +for i in {common,omapip}/Makefile.am; do + %{__sed} -i 's|fpic|fPIC|g' $i +%endif + # Ensure we don't pick up Perl as a dependency from the scripts and modules # in the contrib directory (we copy this to /usr/share/doc in the final # package). @@ -302,7 +311,7 @@ done %build autoreconf --verbose --force --install -CFLAGS="%{optflags} -fno-strict-aliasing -fPIE -D_GNU_SOURCE" \ +CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \ %configure \ --with-srv-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd.leases \ --with-srv6-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd6.leases \ @@ -531,6 +540,9 @@ fi %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz %changelog +* Wed Oct 20 2010 Adam Tkac - 12:4.2.0-13 +- improve PIE patch (build libraries with -fpic, not with -fpie) + * Wed Oct 13 2010 Jiri Popelka - 12:4.2.0-12 - Server was ignoring client's Solicit (where client included address/prefix as a preference) (#634842)