From 7e2c1061c8fc1a80327da6afee4a76e61313a632 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20B=C3=A9rat?= Date: Thu, 6 Jun 2024 14:45:20 +0200 Subject: [PATCH] Enable hardening on libltdl loaders While hardening flags were properly passed to make for the ltdl library, the loaders (which are built separately), were not built with them. Fix the dedicated patch for the loaders to be hardened. Resolves: RHEL-39991 --- libtool-2.4.6-hardening.patch | 30 ++++++++++++++++++++++++++++-- libtool.spec | 5 ++++- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/libtool-2.4.6-hardening.patch b/libtool-2.4.6-hardening.patch index 5c78918..0363fff 100644 --- a/libtool-2.4.6-hardening.patch +++ b/libtool-2.4.6-hardening.patch @@ -1,14 +1,40 @@ +libtool: Enable hardening in libltdl + +See the rhbz#1289759 and rhbz#1214506. We disable hardening namely because +that bakes the CFLAGS/LDFLAGS into installed /bin/libtool and ltmain.sh files. +At the same time we want to have libltdl.so hardened. Downstream-only patch. + +--- + diff --git a/Makefile.am b/Makefile.am index 13dfc63..5c5603a 100644 --- a/Makefile.am +++ b/Makefile.am -@@ -311,6 +311,9 @@ libtool: $(ltmain_sh) $(config_status) $(dotversion) +@@ -309,10 +309,27 @@ + ## Libltdl. ## + ## -------- ## include libltdl/ltdl.mk -+libltdl_libltdl_la_CPPFLAGS += $(CUSTOM_LTDL_CFLAGS) ++libltdl_libltdl_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS) +libltdl_libltdl_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS) ++ ++libltdl_dlopen_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS) ++libltdl_dld_link_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS) ++libltdl_dyld_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS) ++libltdl_load_add_on_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS) ++libltdl_loadlibrary_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS) ++libltdl_shl_load_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS) ++ ++libltdl_dlopen_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS) ++libltdl_dld_link_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS) ++libltdl_dyld_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS) ++libltdl_load_add_on_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS) ++libltdl_loadlibrary_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS) ++libltdl_shl_load_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS) + lt_aclocal_m4 = $(srcdir)/$(ltdl_dir)/aclocal.m4 lt_config_h_in = $(srcdir)/$(ltdl_dir)/config-h.in lt_configure = $(srcdir)/$(ltdl_dir)/configure + lt_configure_ac = $(srcdir)/$(ltdl_dir)/configure.ac + stamp_mk = $(srcdir)/$(ltdl_dir)/stamp-mk diff --git a/libtool.spec b/libtool.spec index edfda26..2522ea2 100644 --- a/libtool.spec +++ b/libtool.spec @@ -8,7 +8,7 @@ Summary: The GNU Portable Library Tool Name: libtool Version: 2.4.6 -Release: 45%{?dist} +Release: 46%{?dist} License: GPLv2+ and LGPLv2+ and GFDL URL: http://www.gnu.org/software/libtool/ @@ -188,6 +188,9 @@ rm -f %{buildroot}%{_libdir}/libltdl.{a,la} %changelog +* Thu Jun 06 2024 Frederic Berat - 2.4.6-46 +- Harden libltdl loaders (RHEL-39991) + * Tue Jan 11 2022 Marek Kulik - 2.4.6-45 - Enable LTO build - Add disable-lto-link-order2.patch to pass tests