rpms/freeradius
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- add security options to compiler/linker

Browse Source
This commit is contained in:
John Dennis 2012-12-12 20:08:48 -05:00
parent 7d799aba5f
commit 9758ebeea8
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
freeradius.spec
View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server Summary: High-performance and highly configurable free RADIUS server
Name: freeradius Name: freeradius
Version: 2.2.0 Version: 2.2.0
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.freeradius.org/ URL: http://www.freeradius.org/
@ -159,10 +159,14 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} + find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
%build %build
# Because this is a network facing authentication daemon add build options to improve security
# pic, pie, -znow produce fully relocatable code loaded at random addresses, address tables are read-only
%ifarch s390 s390x %ifarch s390 s390x
export CFLAGS="$RPM_OPT_FLAGS -fPIC" export CFLAGS="$RPM_OPT_FLAGS -fPIC -fPIE -DPIE"
export LDFLAGS="-pie -Wl,-znow"
%else %else
export CFLAGS="$RPM_OPT_FLAGS -fpic" export CFLAGS="$RPM_OPT_FLAGS -fpic -fPIE -DPIE"
export LDFLAGS="-pie -Wl,-znow"
%endif %endif
%configure \ %configure \
@ -193,7 +197,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
perl -pi -e 's:sys_lib_search_path_spec=.*:sys_lib_search_path_spec="/lib64 /usr/lib64 /usr/local/lib64":' libtool perl -pi -e 's:sys_lib_search_path_spec=.*:sys_lib_search_path_spec="/lib64 /usr/lib64 /usr/local/lib64":' libtool
%endif %endif
make LINK_MODE=-pie make
%install %install
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/radiusd mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/radiusd
@ -604,6 +608,9 @@ exit 0
%{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
%changelog %changelog
* Wed Dec 12 2012 John Dennis <jdennis@redhat.com> - 2.2.0-2
- add security options to compiler/linker
* Mon Dec 10 2012 John Dennis <jdennis@redhat.com> - 2.2.0-1 * Mon Dec 10 2012 John Dennis <jdennis@redhat.com> - 2.2.0-1
- resolves: bug#876564 - fails to start without freeradius-mysql - resolves: bug#876564 - fails to start without freeradius-mysql
- use upstream version of freeradius-exclude-config-file.patch - use upstream version of freeradius-exclude-config-file.patch