Rework hardening patch to ensure loaders are covered

Part of the libltdl library is built with different options. The hardening patch needs to be reworked to make sure that these parts are built with the required hardening options. Resolves: RHEL-33501
2024-05-31 13:18:48 +02:00 · 2024-05-31 13:18:48 +02:00 · c09262f8f0
commit c09262f8f0
parent 770440b273
3 changed files with 33 additions and 16 deletions
--- a/libtool-2.4.6-hardening.patch
+++ b/libtool-2.4.6-hardening.patch
@ -1,14 +0,0 @@
-diff --git a/Makefile.am b/Makefile.am
-index 13dfc63..5c5603a 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -311,6 +311,9 @@ libtool: $(ltmain_sh) $(config_status) $(dotversion)
- 
- include libltdl/ltdl.mk
- 
-+libltdl_libltdl_la_CPPFLAGS += $(CUSTOM_LTDL_CFLAGS)
-+libltdl_libltdl_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
-+
- lt_aclocal_m4	= $(srcdir)/$(ltdl_dir)/aclocal.m4
- lt_config_h_in	= $(srcdir)/$(ltdl_dir)/config-h.in
- lt_configure	= $(srcdir)/$(ltdl_dir)/configure
--- a/libtool-2.4.7-hardening.patch
+++ b/libtool-2.4.7-hardening.patch
@ -0,0 +1,28 @@
+diff --git a/Makefile.am b/Makefile.am
+index 13dfc63..5c5603a 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -311,6 +311,23 @@ libtool: $(ltmain_sh) $(config_status) $(dotversion)
+ 
+ include libltdl/ltdl.mk
+ 
+libltdl_libltdl_la_CFLAGS = $(CUSTOM_LTDL_CFLAGS)
+libltdl_libltdl_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
+
+libltdl_dlopen_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
+libltdl_dld_link_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
+libltdl_dyld_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
+libltdl_load_add_on_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
+libltdl_loadlibrary_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
+libltdl_shl_load_la_LDFLAGS  += $(CUSTOM_LTDL_LDFLAGS)
+
+libltdl_dlopen_la_CFLAGS  = $(CUSTOM_LTDL_CFLAGS)
+libltdl_dld_link_la_CFLAGS  = $(CUSTOM_LTDL_CFLAGS)
+libltdl_dyld_la_CFLAGS  = $(CUSTOM_LTDL_CFLAGS)
+libltdl_load_add_on_la_CFLAGS  = $(CUSTOM_LTDL_CFLAGS)
+libltdl_loadlibrary_la_CFLAGS  = $(CUSTOM_LTDL_CFLAGS)
+libltdl_shl_load_la_CFLAGS  = $(CUSTOM_LTDL_CFLAGS)
+
+ lt_aclocal_m4	= $(srcdir)/$(ltdl_dir)/aclocal.m4
+ lt_config_h_in	= $(srcdir)/$(ltdl_dir)/config-h.in
+ lt_configure	= $(srcdir)/$(ltdl_dir)/configure
--- a/libtool.spec
+++ b/libtool.spec
@ -8,7 +8,7 @@
 Summary: The GNU Portable Library Tool
 Name:    libtool
 Version: 2.4.7
-Release: 10%{?dist}
+Release: 11%{?dist}

 # To help future rebase, the following licenses were seen in the following files/folders:
 # '*' is anything that was not explicitly listed earlier in the folder
@ -55,7 +55,7 @@ Patch0:  libtool-2.4.5-rpath.patch
 # that bakes the CFLAGS/LDFLAGS into installed /bin/libtool and ltmain.sh files.
 # At the same time we want to have libltdl.so hardened.  Downstream-only patch.
 %undefine _hardened_build
-Patch1: libtool-2.4.6-hardening.patch
+Patch1: libtool-2.4.7-hardening.patch

 # The testsuite seems to not properly handle template instantiation and as
 # a result fails.  libtool itself appears to be OK from my by-hand testing. (by Jeff Law)
@ -204,6 +204,9 @@ rm -f %{buildroot}%{_libdir}/libltdl.{a,la}


 %changelog
+* Fri May 31 2024 Frédéric Bérat <fberat@redhat.com> - 2.4.7-11
+- Rework hardening patch to include loaders. (RHEL-33501)
+
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild