From c09262f8f0181613b52f76de11e07409fe9d0285 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20B=C3=A9rat?=
Date: Fri, 31 May 2024 13:18:48 +0200
Subject: [PATCH] Rework hardening patch to ensure loaders are covered
Part of the libltdl library is built with different options. The hardening patch needs to be reworked to make sure that these parts are built with the required hardening options.
Resolves: RHEL-33501
---
 libtool-2.4.6-hardening.patch | 14 --------------
 libtool-2.4.7-hardening.patch | 28 ++++++++++++++++++++++++++++
 libtool.spec | 7 +++++--
 3 files changed, 33 insertions(+), 16 deletions(-)
 delete mode 100644 libtool-2.4.6-hardening.patch
 create mode 100644 libtool-2.4.7-hardening.patch
diff --git a/libtool-2.4.6-hardening.patch b/libtool-2.4.6-hardening.patch
deleted file mode 100644
index 5c78918..0000000
--- a/libtool-2.4.6-hardening.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/Makefile.am b/Makefile.am
-index 13dfc63..5c5603a 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -311,6 +311,9 @@ libtool: $(ltmain_sh) $(config_status) $(dotversion)
-
- include libltdl/ltdl.mk
-
-+libltdl_libltdl_la_CPPFLAGS += $(CUSTOM_LTDL_CFLAGS)
-+libltdl_libltdl_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
-+
- lt_aclocal_m4 = $(srcdir)/$(ltdl_dir)/aclocal.m4
- lt_config_h_in = $(srcdir)/$(ltdl_dir)/config-h.in
- lt_configure = $(srcdir)/$(ltdl_dir)/configure
diff --git a/libtool-2.4.7-hardening.patch b/libtool-2.4.7-hardening.patch
new file mode 100644
index 0000000..2ad24d2
--- /dev/null
+++ b/libtool-2.4.7-hardening.patch
@@ -0,0 +1,28 @@
+diff --git a/Makefile.am b/Makefile.am
+index 13dfc63..5c5603a 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -311,6 +311,23 @@ libtool: $(ltmain_sh) $(config_status) $(dotversion)
+
+ include libltdl/ltdl.mk
+
++libltdl_libltdl_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
++libltdl_libltdl_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
++
++libltdl_dlopen_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
++libltdl_dld_link_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
++libltdl_dyld_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
++libltdl_load_add_on_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
++libltdl_loadlibrary_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
++libltdl_shl_load_la_LDFLAGS += $(CUSTOM_LTDL_LDFLAGS)
++
++libltdl_dlopen_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
++libltdl_dld_link_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
++libltdl_dyld_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
++libltdl_load_add_on_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
++libltdl_loadlibrary_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
++libltdl_shl_load_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
++
+ lt_aclocal_m4 = $(srcdir)/$(ltdl_dir)/aclocal.m4
+ lt_config_h_in = $(srcdir)/$(ltdl_dir)/config-h.in
+ lt_configure = $(srcdir)/$(ltdl_dir)/configure
diff --git a/libtool.spec b/libtool.spec
index 5476fca..c7a963a 100644
--- a/libtool.spec
+++ b/libtool.spec
@@ -8,7 +8,7 @@
 Summary: The GNU Portable Library Tool
 Name: libtool
 Version: 2.4.7
-Release: 10%{?dist}
+Release: 11%{?dist}
 # To help future rebase, the following licenses were seen in the following files/folders:
 # '*' is anything that was not explicitly listed earlier in the folder
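Review bot: The seven `_CFLAGS = $(CUSTOM_LTDL_CFLAGS)` assignments in the new libtool-2.4.7-hardening.patch create per-target compiler flags, and automake uses a per-target `_CFLAGS` in place of `AM_CFLAGS`, so anything Makefile.am puts in `AM_CFLAGS` would stop applying to libltdl and its six loaders. Whether `AM_CFLAGS` is set is not visible in this hunk; if it is, write `libltdl_dlopen_la_CFLAGS = $(AM_CFLAGS) $(CUSTOM_LTDL_CFLAGS)` and the same for the other six targets. The loader targets are also listed by hand, so a loader added to `libltdl/ltdl.mk` in a later rebase would be built without the hardening flags and nothing would fail; a comment above the block such as `# Keep in sync with the loader targets declared in libltdl/ltdl.mk` would make that dependency explicit. Because the spec keeps `%undefine _hardened_build`, an unset or empty `CUSTOM_LTDL_CFLAGS`/`CUSTOM_LTDL_LDFLAGS` (set outside the visible lines) turns all fourteen assignments into silent no-ops. A post-build step that inspects the installed `libltdl.so` (for example its dynamic section via `readelf -d`) for the expected hardening markers would catch that regression.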
@@ -55,7 +55,7 @@ Patch0: libtool-2.4.5-rpath.patch
 # that bakes the CFLAGS/LDFLAGS into installed /bin/libtool and ltmain.sh files.
 # At the same time we want to have libltdl.so hardened. Downstream-only patch.
 %undefine _hardened_build
-Patch1: libtool-2.4.6-hardening.patch
+Patch1: libtool-2.4.7-hardening.patch
 # The testsuite seems to not properly handle template instantiation and as
 # a result fails. libtool itself appears to be OK from my by-hand testing. (by Jeff Law)
@@ -204,6 +204,9 @@ rm -f %{buildroot}%{_libdir}/libltdl.{a,la}
 %changelog
+* Fri May 31 2024 Frédéric Bérat - 2.4.7-11
+- Rework hardening patch to include loaders. (RHEL-33501)
+
 * Sun Jan 21 2024 Fedora Release Engineering - 2.4.7-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild