rpms/libtool
5
0
Fork 0
Code Issues Pull Requests Releases Activity

build: harden libltdl.so

Browse Source 
Resolves: rhbz#1548751
Version: 2.4.6-24
This commit is contained in:
Pavel Raiskup 2018-04-20 14:45:06 +02:00
parent 2e616087c1
commit af42c0d6a8
2 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libtool-2.4.6-hardening.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/Makefile.am b/Makefile.am
index 13dfc63..5c5603a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -311,6 +311,9 @@ libtool: $(ltmain_sh) $(config_status) $(dotversion)
include libltdl/ltdl.mk
+libltdl_libltdl_la_CPPFLAGS += $(CUSTOM_LTDL_CFLAGS)
+libltdl_libltdl_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
+
lt_aclocal_m4 = $(srcdir)/$(ltdl_dir)/aclocal.m4
lt_config_h_in = $(srcdir)/$(ltdl_dir)/config-h.in
lt_configure = $(srcdir)/$(ltdl_dir)/configure

22
libtool.spec
View File

@ -1,6 +1,3 @@
# See the bug #1289759
%undefine _hardened_build
# See the bug #429880 # See the bug #429880
%global gcc_major %(gcc -dumpversion || echo "666") %global gcc_major %(gcc -dumpversion || echo "666")
# See rhbz#1193591 # See rhbz#1193591
@ -11,7 +8,7 @@
Summary: The GNU Portable Library Tool Summary: The GNU Portable Library Tool
Name: libtool Name: libtool
Version: 2.4.6 Version: 2.4.6
Release: 23%{?dist} Release: 24%{?dist}
License: GPLv2+ and LGPLv2+ and GFDL License: GPLv2+ and LGPLv2+ and GFDL
URL: http://www.gnu.org/software/libtool/ URL: http://www.gnu.org/software/libtool/
Group: Development/Tools Group: Development/Tools
@ -28,6 +25,12 @@ Patch1: libtool-2.4.6-am-1.16-test.patch
# ~> upstream 702a97fbb # ~> upstream 702a97fbb
Patch2: libtool-2.4.6-specs.patch Patch2: libtool-2.4.6-specs.patch
# See the rhbz#1289759 and rhbz#1214506. We disable hardening namely because
# that bakes the CFLAGS/LDFLAGS into installed /bin/libtool and ltmain.sh files.
# At the same time we want to have libltdl.so hardened. Downstream-only patch.
%undefine _hardened_build
Patch3: libtool-2.4.6-hardening.patch
%if ! 0%{?_module_build} %if ! 0%{?_module_build}
Patch100: libtool-nodocs.patch Patch100: libtool-nodocs.patch
%endif %endif
@ -103,6 +106,7 @@ Static libraries and header files for development with ltdl.
%patch0 -p1 -b .rpath %patch0 -p1 -b .rpath
%patch1 -p1 -b .test %patch1 -p1 -b .test
%patch2 -p1 -b .gcc-specs %patch2 -p1 -b .gcc-specs
%patch3 -p1 -b .ltdl-hardening
%if ! 0%{?_module_build} %if ! 0%{?_module_build}
%patch100 -p1 -b .nodocs %patch100 -p1 -b .nodocs
%endif %endif
@ -115,9 +119,6 @@ export CXX=g++
export F77=gfortran export F77=gfortran
export CFLAGS="$RPM_OPT_FLAGS -fPIC" export CFLAGS="$RPM_OPT_FLAGS -fPIC"
# rhbz#1214506
%global _configure_libtool_hardening_hack 0
%configure --prefix=%{_prefix} \ %configure --prefix=%{_prefix} \
--exec-prefix=%{_prefix} \ --exec-prefix=%{_prefix} \
--bindir=%{_bindir} \ --bindir=%{_bindir} \
@ -131,7 +132,9 @@ export CFLAGS="$RPM_OPT_FLAGS -fPIC"
--mandir=%{_mandir} \ --mandir=%{_mandir} \
--infodir=%{_infodir} --infodir=%{_infodir}
make %{?_smp_mflags} make %{?_smp_mflags} \
CUSTOM_LTDL_CFLAGS="%_hardening_cflags" \
CUSTOM_LTDL_LDFLAGS="%_hardening_ldflags"
%check %check
@ -195,6 +198,9 @@ fi
%changelog %changelog
* Fri Apr 20 2018 Pavel Raiskup <praiskup@redhat.com> - 2.4.6-24
- harden libltdl.so (rhbz#1548751)
* Mon Mar 26 2018 Pavel Raiskup <praiskup@redhat.com> - 2.4.6-23 * Mon Mar 26 2018 Pavel Raiskup <praiskup@redhat.com> - 2.4.6-23
- bake in versioned requirement on automake (rhbz#1193591) - bake in versioned requirement on automake (rhbz#1193591)
- fix testsuite FTBFS against automake 1.16.1 - fix testsuite FTBFS against automake 1.16.1