import fence-virt-0.4.0-7.el8
This commit is contained in:
CentOS Sources
parent
8dd7ffcf4b
commit
8718be934c
147
SOURCES/bz1624110-1-harden-fPIE.patch
Normal file
147
SOURCES/bz1624110-1-harden-fPIE.patch
Normal file
@ -0,0 +1,147 @@
|
||||
diff -uNr a/client/Makefile.in b/client/Makefile.in
|
||||
--- a/client/Makefile.in 2017-06-05 20:24:36.000000000 +0200
|
||||
+++ b/client/Makefile.in 2019-04-09 15:04:01.910270557 +0200
|
||||
@@ -24,7 +24,7 @@
|
||||
`xml2-config --cflags`
|
||||
|
||||
# nss sucks in way too much stuff
|
||||
-LIBS+=-lnss3 `xml2-config --libs`
|
||||
+LIBS+=-lnss3 `xml2-config --libs` -Wl,-z,now
|
||||
|
||||
TARGETS=${TARGET}
|
||||
|
||||
@@ -40,7 +40,16 @@
|
||||
ln -snf $^ $@
|
||||
|
||||
fence_virt: ${fence_virt_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -L../common -lfence_virt
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ -shared $(LIBS) -L../common -lfence_virt
|
||||
+
|
||||
+mcast.o: mcast.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
+options.o: options.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
+serial.o: serial.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
|
||||
%.o: %.c
|
||||
$(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
|
||||
diff -uNr a/common/Makefile.in b/common/Makefile.in
|
||||
--- a/common/Makefile.in 2017-06-05 20:24:36.000000000 +0200
|
||||
+++ b/common/Makefile.in 2019-04-09 15:07:17.456815023 +0200
|
||||
@@ -24,6 +24,18 @@
|
||||
libfence_virt.a: ${libfence_virt_a_SOURCE:.c=.o}
|
||||
ar rc $@ $^
|
||||
|
||||
+fdops.o: fdops.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
+ip_lookup.o: ip_lookup.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
+mcast.o: mcast.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
+tcp.o: tcp.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
%.o: %.c
|
||||
$(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
|
||||
|
||||
diff -uNr a/config/Makefile.in b/config/Makefile.in
|
||||
--- a/config/Makefile.in 2017-06-05 20:24:36.000000000 +0200
|
||||
+++ b/config/Makefile.in 2019-04-09 13:53:38.538444645 +0200
|
||||
@@ -42,7 +42,7 @@
|
||||
$(LEX) -oconfig.c config.l
|
||||
|
||||
%.o: %.c
|
||||
- $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
|
||||
+ $(CC) $(CFLAGS) -fPIE -c -o $@ $^ $(INCLUDES)
|
||||
|
||||
clean:
|
||||
rm -f ${TARGETS} *~ *.o testprog config.tab.c config.tab.h config.c
|
||||
diff -uNr a/Makefile.top.in b/Makefile.top.in
|
||||
--- a/Makefile.top.in 2017-06-05 20:24:36.000000000 +0200
|
||||
+++ b/Makefile.top.in 2019-04-09 15:17:52.488438333 +0200
|
||||
@@ -2,7 +2,9 @@
|
||||
CXX=@CXX@
|
||||
|
||||
CFLAGS=@CFLAGS@
|
||||
-CFLAGS+=-fPIC -Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE
|
||||
+CFLAGS+=-Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE
|
||||
+CXXFLAGS=@CXXFLAGS@
|
||||
+CXXFLAGS+=-Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE
|
||||
|
||||
LEX=@LEX@
|
||||
YACC=@YACC@
|
||||
diff -uNr a/server/Makefile.in b/server/Makefile.in
|
||||
--- a/server/Makefile.in 2017-06-05 20:24:36.000000000 +0200
|
||||
+++ b/server/Makefile.in 2019-04-09 15:11:51.692932810 +0200
|
||||
@@ -32,7 +32,7 @@
|
||||
XML_LIBS=`xml2-config --libs`
|
||||
INCLUDES=-I../include `nss-config --cflags` `nspr-config --cflags` `xml2-config --cflags`
|
||||
|
||||
-LIBS+=-L../common -lfence_virt -Wl,-wrap,syslog,-wrap,closelog -lpthread -luuid
|
||||
+LIBS+=-L../common -lfence_virt -Wl,-z,now,-wrap,syslog,-wrap,closelog -lpthread -luuid
|
||||
|
||||
MODULE_PATH=${libdir}/${PACKAGE_NAME}
|
||||
|
||||
@@ -150,37 +150,46 @@
|
||||
all: ${TARGETS} ${MODULES}
|
||||
|
||||
fence_virtd: ${fence_virtd_SOURCES:.c=.o} ${fence_virtd_cxx_SOURCES:.cpp=.opp}
|
||||
- $(CXX) -o $@ $^ $(MAIN_LIBS) $(LIBS)
|
||||
+ $(CXX) $(CXXFLAGS) -o $@ $^ $(MAIN_LIBS) $(LIBS)
|
||||
|
||||
multicast.so: ${multicast_so_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
|
||||
|
||||
libvirt.so: ${libvirt_so_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS)
|
||||
|
||||
libvirt-qmf.so: ${libvirt_qmf_so_SOURCES:.c=.o} ${libvirt_qmf_cxx_so_SOURCES:.cpp=.opp}
|
||||
- $(CXX) -o $@ $^ $(LIBS) -shared $(VIRT_QPID)
|
||||
+ $(CXX) $(CXXFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_QPID)
|
||||
|
||||
pm-fence.so: ${pm_fence_so_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -shared $(PACEMAKER_LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(PACEMAKER_LIBS)
|
||||
|
||||
cpg.so: ${cpg_so_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) $(COROSYNC_LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) $(COROSYNC_LIBS)
|
||||
|
||||
null.so: ${null_so_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -shared
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared
|
||||
|
||||
serial.so: ${serial_so_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS)
|
||||
|
||||
tcp.so: ${tcp_so_SOURCES:.c=.o}
|
||||
- $(CC) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
|
||||
+
|
||||
+cpg-virt.o: cpg-virt.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
+virt.o: virt.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+
|
||||
+virt-serial.o: virt-serial.c
|
||||
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
|
||||
%.o: %.c
|
||||
$(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
|
||||
|
||||
%.opp: %.cpp
|
||||
- $(CXX) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
|
||||
+ $(CXX) $(CXXFLAGS) -c -o $@ $^ $(INCLUDES)
|
||||
|
||||
install: all
|
||||
if [ ! -d ${DESTDIR}/${sbindir} ]; then \
|
||||
21
SOURCES/bz1624110-2-fence_virt-fix-coredump.patch
Normal file
21
SOURCES/bz1624110-2-fence_virt-fix-coredump.patch
Normal file
@ -0,0 +1,21 @@
|
||||
diff -uNr a/client/Makefile.in b/client/Makefile.in
|
||||
--- a/client/Makefile.in 2019-04-10 11:06:55.428378274 +0200
|
||||
+++ b/client/Makefile.in 2019-04-10 13:02:54.734002880 +0200
|
||||
@@ -40,16 +40,7 @@
|
||||
ln -snf $^ $@
|
||||
|
||||
fence_virt: ${fence_virt_SOURCES:.c=.o}
|
||||
- $(CC) $(CFLAGS) -o $@ $^ -shared $(LIBS) -L../common -lfence_virt
|
||||
-
|
||||
-mcast.o: mcast.c
|
||||
- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
-
|
||||
-options.o: options.c
|
||||
- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
-
|
||||
-serial.o: serial.c
|
||||
- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
|
||||
+ $(CC) $(CFLAGS) -pie -o $@ $^ $(LIBS) -L../common -lfence_virt
|
||||
|
||||
%.o: %.c
|
||||
$(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
|
||||
@ -0,0 +1,35 @@
|
||||
From 83e507cd236c304ce6b95b2ba52d3894f8002dc8 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Fri, 9 Nov 2018 13:10:29 +0100
|
||||
Subject: [PATCH] fence_virt: dont report success for incorrect parameters
|
||||
|
||||
---
|
||||
client/main.c | 2 +-
|
||||
client/options.c | 1 +
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/client/main.c b/client/main.c
|
||||
index 8e94093..a3135e3 100644
|
||||
--- a/client/main.c
|
||||
+++ b/client/main.c
|
||||
@@ -112,7 +112,7 @@ main(int argc, char **argv)
|
||||
args.mode = MODE_VSOCK;
|
||||
|
||||
if (args.flags & F_ERR) {
|
||||
- if (args.op != FENCE_VALIDATEALL)
|
||||
+ if (args.op != FENCE_VALIDATEALL)
|
||||
args_usage(argv[0], my_options, (argc == 1));
|
||||
exit(1);
|
||||
}
|
||||
diff --git a/client/options.c b/client/options.c
|
||||
index a3f321b..4b5ed56 100644
|
||||
--- a/client/options.c
|
||||
+++ b/client/options.c
|
||||
@@ -904,6 +904,7 @@ args_get_stdin(const char *optstr, fence_virt_args_t *args)
|
||||
"parse warning: "
|
||||
"illegal variable '%s' on line %d\n", name,
|
||||
line);
|
||||
+ args->flags |= F_ERR;
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: fence-virt
|
||||
Version: 0.4.0
|
||||
Release: 4%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Summary: A pluggable fencing framework for virtual machines
|
||||
Group: System Environment/Base
|
||||
License: GPLv2+
|
||||
@ -11,6 +11,9 @@ ExclusiveArch: i686 x86_64
|
||||
|
||||
URL: http://fence-virt.sourceforge.net
|
||||
Source0: http://people.redhat.com/rmccabe/fence-virt/%{name}-%{version}.tar.bz2
|
||||
Patch0: bz1624110-1-harden-fPIE.patch
|
||||
Patch1: bz1624110-2-fence_virt-fix-coredump.patch
|
||||
Patch2: bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch
|
||||
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
@ -95,6 +98,9 @@ are located on corosync cluster nodes.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1 -F1
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
@ -186,6 +192,16 @@ fi
|
||||
%{_libdir}/%{name}/cpg.so
|
||||
|
||||
%changelog
|
||||
* Tue Jul 23 2019 Oyvind Albrigtsen <oalbrigt@redhat.com> - 0.4.0-7
|
||||
- fence_xvm/fence_virt: dont report success for incorrect parameter
|
||||
Resolves: rhbz#1668357
|
||||
|
||||
* Tue Apr 9 2019 Oyvind Albrigtsen <oalbrigt@redhat.com> - 0.4.0-6
|
||||
- Harden with -fPIE and -Wl,-z,now
|
||||
Resolves: rhbz#1624110
|
||||
- Add CI gating tests
|
||||
Resolves: rhbz#1682883
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user