- also link binaries with -Wl,-z,relro,-z,now (part of #629950)

This commit is contained in:
Nalin Dahyabhai 2010-09-03 13:08:45 -04:00
parent 6130f43a46
commit a7376e1a41
2 changed files with 9 additions and 5 deletions


@ -1,5 +1,5 @@
Build binaries in this package as PIEs and install shared libraries with the Build binaries in this package as RELRO PIEs and install shared libraries with
execute bit set on them. Prune out the -L/usr/lib*, PIE flags, and CFLAGS the execute bit set on them. Prune out the -L/usr/lib*, PIE flags, and CFLAGS
where they might leak out and affect apps which just want to link with the where they might leak out and affect apps which just want to link with the
libraries. FIXME: needs to check and not just assume that the compiler supports libraries. FIXME: needs to check and not just assume that the compiler supports
using these flags. using these flags.
@ -11,7 +11,7 @@ diff -up krb5-1.7/src/config/shlib.conf krb5-1.7/src/config/shlib.conf
RPATH_FLAG='-Wl,-rpath -Wl,' RPATH_FLAG='-Wl,-rpath -Wl,'
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie $(LDFLAGS)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro,-z,now $(LDFLAGS)'
+ INSTALL_SHLIB='${INSTALL} -m755' + INSTALL_SHLIB='${INSTALL} -m755'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
@ -19,7 +19,7 @@ diff -up krb5-1.7/src/config/shlib.conf krb5-1.7/src/config/shlib.conf
diff -up krb5-1.7/src/krb5-config.in krb5-1.7/src/krb5-config.in diff -up krb5-1.7/src/krb5-config.in krb5-1.7/src/krb5-config.in
--- krb5-1.7/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400 --- krb5-1.7/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400
+++ krb5-1.7/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400 +++ krb5-1.7/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400
@@ -187,8 +187,13 @@ if test -n "$do_libs"; then @@ -187,8 +187,14 @@ if test -n "$do_libs"; then
-e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
-e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
@ -30,6 +30,7 @@ diff -up krb5-1.7/src/krb5-config.in krb5-1.7/src/krb5-config.in
+ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"` + lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"`
+ fi + fi
+ lib_flags=`echo $lib_flags | sed -e "s#-fPIE##" -e "s#-pie##"` + lib_flags=`echo $lib_flags | sed -e "s#-fPIE##" -e "s#-pie##"`
+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro,-z,now##"`
+ +
if test $library = 'kdb'; then if test $library = 'kdb'; then
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
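Review bot: Only `CC_LINK_SHARED` gains `-Wl,-z,relro,-z,now` here; the `CC_LINK_STATIC` and `CXX_LINK_SHARED` lines shown as context directly below it carry neither `-pie` nor the new flags, so any program linked through those variables would be built without full RELRO and immediate binding. If that is intentional, a sentence in the patch header saying so would help; otherwise the same flags belong on `CXX_LINK_SHARED` as well. The new `sed -e "s#-Wl,-z,relro,-z,now##"` in krb5-config.in (inside the `if test -n "$do_libs"` block, which continues outside the hunk) matches only that exact combined token, so a `-Wl,-z,relro` arriving on its own through `$LDFLAGS` would presumably still be passed on to applications that call `krb5-config --libs`. Because the patch header's FIXME says compiler support for these flags is assumed rather than probed, the result should be confirmed on the built binaries, for example by checking that `readelf -lW` lists a `GNU_RELRO` segment and `readelf -dW` shows `BIND_NOW`.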


@ -5,7 +5,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.8.3 Version: 1.8.3
Release: 2%{?dist} Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.3-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.3-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -637,6 +637,9 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Fri Sep 3 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-3
- also link binaries with -Wl,-z,relro,-z,now (part of #629950)
* Tue Aug 24 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-2 * Tue Aug 24 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-2
- fix a logic bug in computing key expiration times (RT#6762, #627022) - fix a logic bug in computing key expiration times (RT#6762, #627022)