diff --git a/0014-fix-openssl-harden-ossl-build-CFLAGS.patch b/0014-fix-openssl-harden-ossl-build-CFLAGS.patch new file mode 100644 index 0000000..17c051e --- /dev/null +++ b/0014-fix-openssl-harden-ossl-build-CFLAGS.patch @@ -0,0 +1,26 @@ +From a5e477c67c45b4439249ab92590f7b67dab4f7df Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Mon, 17 Feb 2025 06:58:26 +0100 +Subject: [PATCH 14/14] fix(openssl): harden ossl build CFLAGS + +Related: RHEL-76323 +--- + src/ossl/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/ossl/Makefile b/src/ossl/Makefile +index 17b418c2..200dcbb5 100644 +--- a/src/ossl/Makefile ++++ b/src/ossl/Makefile +@@ -1,7 +1,7 @@ + .PHONY: all clean tests + + CFLAGS ?= -std=c99 -Wall -Werror -pedantic -D_XOPEN_SOURCE=600 +-CRYPTO_FLAGS = -lcrypto ++CRYPTO_FLAGS = -lcrypto -Wl,-pie -Wl,-z,now + TARGETS = src/ossl-config src/ossl-files + + TESTS_CONFIG = $(wildcard tests/config/*.cnf) +-- +2.47.1 + diff --git a/dracut.spec b/dracut.spec index c70fe13..decf0c1 100644 --- a/dracut.spec +++ b/dracut.spec @@ -8,7 +8,7 @@ Name: dracut Version: 105 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Initramfs generator using udev @@ -61,6 +61,9 @@ Patch12: 0012-fix-dracut-install-initize-fts-pointer.patch # feat: add openssl module # Author: Pavel Valena Patch13: 0013-feat-add-openssl-module.patch +# fix(openssl): harden ossl build CFLAGS +# Author: Pavel Valena +Patch14: 0014-fix-openssl-harden-ossl-build-CFLAGS.patch # Please use source-git to work with this spec file: # HowTo: https://packit.dev/source-git/work-with-source-git @@ -479,6 +482,10 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install %changelog +* Mon Feb 17 2025 Pavel Valena - 105-2 +- fix(openssl): harden ossl build CFLAGS + Related: RHEL-76323 + * Mon Feb 17 2025 Pavel Valena - 105-1 - build: upgrade to dracut 105 - fix(systemd-ask-password): do not half-install systemd-ask-password-wall